Encryption

Advantage Concepts

Advantage supports encryption of table data and memo data in both DBF and ADT tables. Support also exists for encryption of ADT database table header information. Advantage can physically encrypt data in tables to protect that data from unauthorized viewing. The Advantage encryption scheme uses a case-sensitive password to encode data, requiring a password to view data in its unencrypted form. Advantage encryption capabilities provide an easy way to integrate data security over the network. The data stored in tables and memo files on the server is encrypted as well as the table and memo data passed over the network. If the Advantage application has the correct password, it will be able to decrypt the data on the client.

Advantage encryption is supported on two levels: per table and per record. If the entire table is encrypted, all fields in all records in the table are encrypted. This includes encryption of memo and BLOB fields. A table can also have only selected records encrypted, rather than all records. When encrypting only selected records, the memo and BLOB data associated with those records is not encrypted.

The Advantage encryption engine incorporates a 160-bit, industry-standard encryption algorithm that ensures data is secure as it goes over the network.

Encryption of index data is only supported with dictionary-bound ADT tables. The indexes must be rebuilt to encrypt the data inside the indexes. Index encryption requires an Advantage client of version 8.0 or greater.

With free tables, encryption does not affect the functionality of existing indexes. However, if the correct password is not supplied to enable encryption and there are encrypted records in the table, filters may not return correct result sets, and any new indexes created may not be valid. Certain table operations, such as Pack, may also require the correct password if there are encrypted records in the table.

Each table can be encrypted with just a single password. If a table contains one or more records that have been encrypted with that single password, and an application opens that table but does not have the correct password, those encrypted records will be treated as read-only to the application. If an entire table has been encrypted, an application will be unable to update, append, or insert records into that table unless it has the correct password that was used to encrypt the records in that table.

Records can be encrypted with only one password per table. The first application to enable a password for a previously unencrypted table will define the password to be used to encrypt all records in that table. If an entire DBF table is encrypted, part of the table header will also be encrypted such that non-Advantage DBF applications will not be able to open the table. Those applications will consider the encrypted table "corrupt" and will return an error when attempting to open the DBF table.

The same 160-bit encryption algorithm is also used to authenticate users when the Advantage Data Dictionary is used. See Advantage Data Dictionary for more information.

Since Advantage uses the 160-bit encryption algorithm, the encryption password can be up to 20 characters in length. Passwords longer than 20 characters are truncated internally to 20 characters. When using encryption to protect the privacy of the data, it is always better to use a longer password than a shorter one.

Advantage encryption in version 6.0 and greater of servers and clients uses a 160-bit encryption algorithm instead of the 40-bit encryption algorithm used in version 5.x/2.x of Advantage servers and clients. The 6.x servers and clients also encrypt the memo and BLOB data if an ADT table is completely encrypted. Because of these changes, if a table is encrypted with a password that is longer than five characters using Advantage 6.0 or greater clients, or if a table is fully encrypted using Advantage 6.0 or greater clients, the table is not backward compatible with earlier (5.x/2.x) Advantage servers and clients. However, tables encrypted using earlier versions (2.x version) of Advantage clients are fully compatible with Advantage 6.0 and greater clients and servers.

In version 7.0 and greater of Advantage servers and clients, DBF memo and BLOB data is encrypted when an entire table is encrypted. Because of this change, if a DBF table containing memo or BLOB data is encrypted using a 7.0 client and server, the table will not be backwards compatible with earlier (6.x) Advantage clients and servers. However, tables encrypted using earlier versions of Advantage clients are fully compatible with Advantage 7.0 and greater clients and servers.
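The password-length and version rules above can be checked before a table is encrypted. The following Python sketch is an added example, not Advantage code and not part of the original documentation; the names effective_password, ignored_tail, equivalent, EncryptedTable and oldest_compatible_release are hypothetical, and it assumes one character per password position, as the page counts them.

```python
from dataclasses import dataclass

MAX_PASSWORD_CHARS = 20     # page: longer passwords are truncated to 20
LEGACY_PASSWORD_CHARS = 5   # page: longer than 5 breaks 5.x/2.x compatibility


def effective_password(password: str) -> str:
    """Return the part of the password that is actually used."""
    return password[:MAX_PASSWORD_CHARS]


def ignored_tail(password: str) -> str:
    """Return the characters that truncation silently discards."""
    return password[MAX_PASSWORD_CHARS:]


def equivalent(a: str, b: str) -> bool:
    """True when two passwords unlock the same table after truncation.

    The comparison is case-sensitive, as the page describes."""
    return effective_password(a) == effective_password(b)


@dataclass
class EncryptedTable:           # hypothetical description of one table
    table_type: str             # "ADT" or "DBF"
    password: str
    whole_table: bool           # False: only selected records are encrypted
    has_memo_or_blob: bool
    client_major: int           # major version of the client that encrypted it


def oldest_compatible_release(t: EncryptedTable) -> str:
    """Oldest Advantage release family that can still use the table."""
    if t.client_major < 6:
        return "5.x/2.x"        # older tables work everywhere
    if (t.client_major >= 7 and t.table_type == "DBF"
            and t.whole_table and t.has_memo_or_blob):
        return "7.0"            # DBF memo/BLOB data is encrypted from 7.0 on
    if t.whole_table or len(t.password) > LEGACY_PASSWORD_CHARS:
        return "6.0"            # 160-bit scheme or full-table encryption
    return "5.x/2.x"


# Constructed sample: both passphrases share their first 20 characters.
SAMPLE = ("correct-horse-battery-staple", "correct-horse-batterXXXX")
```

A non-empty ignored_tail() result means the extra characters add no protection, so any password policy for Advantage tables should count only the first 20 characters.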

Advantage Encryption Functions Available with the Advantage Client Engine API

The following is a list of the encryption functions available with the Advantage Client Engine API:

Advantage Encryption with the Advantage ODBC Driver

If the Advantage ODBC Driver detects that an encrypted table is being used in a query and AdsEnableEncryption has not been called for the table (for free connections), a message box will prompt the user for the password associated with the table.

Advantage Encryption with the Advantage OLE DB Provider

For additional information on encryption with the Advantage OLE DB Provider for free connections, see the following in the Advantage TDataSet Descendant Help documentation (ADE.HLP or ade.htm). (Note that each of the Advantage products and their corresponding Help files are installed separately):

Advantage Encryption with the Advantage CA-Visual Objects RDD

For additional information on encryption with free connections with the Advantage CA-Visual Objects RDD, see the AX_SetPassword() function found in the DBFAXS library. To access all of the encryption functionality with free connections with the Advantage CA-Visual Objects RDD, import the Advantage Client Engine library from the file ACE.AEF and use the Advantage Client Engine encryption APIs.

Advantage Encryption with the Advantage TDataSet Descendant

Encryption with the Advantage TDataSet Descendant