2.8 Encrypting Your Data

You can create calculations to scramble your data before sharing it through XML web publishing or XML export. You can supply a calculation to unscramble the data and give the "key" only to select users. Several encryption schemes can be used. One method of encryption is ROT13, which rotates each character 13 characters away from the original. While this method can scramble the data, it is a common encryption method and the data can be easily unscrambled by applying the same rotation again. Another method, the Data Encryption Standard (DES), is described on this web site: http://www.itl.nist.gov/fipspubs/fip46-2.htm. A more recent method of encryption is the RC6 standard. You can read more about this cryptography on the RSA Laboratories web site, http://www.rsasecurity.com.

There are two FileMaker Pro plug-ins that can create encrypted (scrambled) data.

The Troi-Coding plug-in performs several kinds of scrambling, including ZLIB compression, ROT13, encryption with DES, and signature generation. Sample scripts using the plug-in are shown in Listing 2.17. Because this text may be transmitted on the Internet, the text can be converted to ASCII characters in the range of 45 to 127 (some special characters, all of the English alphabet, and all of the numbers). Look at your sample file ASCII.FP5 for these characters. These encrypted fields can be served safely on the Internet. If the end user has the correct key, the Troi-Coding plug-in can decrypt them. You can find this plug-in on this web site: http://www.troi.com/.

Listing 2.17: Troi-Coding encryption and decryption
Start example
Set Field [ result, External("Troi-Compress", myTextField) ]
Set Field [ myTextField, External("Troi-Decompress", result) ]
Set Field [ rotatedField, External("Troi-Rotate13", myTextField) ]
Set Field [ myTextField, External("Troi-Rotate13", rotatedField) ]
Set Field [ secretField, External("Troi-Code", " -encryptDES|" &
  gDecryptionKey & "|" & textField) ]
Set Field [ textField, External("Troi-Code", " -decryptDES|" &
  gDecryptionKey & "|" & secretField) ]
Set Field [ result, External("Troi-TextSignature", myTextField) ]
Set Field [ result, External("Troi-EncodeSafeAscii", myTextField) ]
Set Field [ myTextField, External("Troi-DecodeSafeAscii", result) ]
End example

ProtoLight, http://www.geocities.com/SiliconValley/Network/9327/, has the Crypto Toolbox plug-in that performs multiple encryption techniques. First, the text is converted with ROT13. Next, Crypto Toolbox uses the RC4 Compatible or RC6 Compatible schemes. Finally, this plug-in uses a TextToASCII conversion so that the resulting text can be easily sent as email, passed on a web page, or otherwise transported through the Internet. Example script steps are shown below in Listing 2.18. This plug-in can also obtain the VSN (volume serial number) of the C drive on Windows or the MAC (Ethernet) address on Macintosh (it returns the creation date+time when the NIC is missing). Using this information, your access can be keyed to a particular machine.

Listing 2.18: Crypto Toolbox encryption and decryption
Start example
Set Field [ result, External ("crypt-SetKey", passwordToUse) ]
Set Field [ secretField, External ("crypt-Encrypt_RC4", myTextField) ]
Set Field [ myTextField, External ("crypt-Decrypt_RC4", secretField) ]
Set Field [ secretField, External ("crypt-Encrypt_RC6", myTextField) ]
Set Field [ myTextField, External ("crypt-Decrypt_RC6", secretField) ]
End example
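
The three stages described for Crypto Toolbox (ROT13, then an RC4-style stream cipher, then an ASCII-safe conversion), written out as an added Python example; it is not the plug-in's code or the book's. The function names are hypothetical, and base64 stands in for the plug-in's TextToASCII step, whose format the text does not give. In this code only the RC4 stage depends on the key.

```python
import base64
import codecs

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XOR; the same call encrypts and decrypts."""
    if not key:
        raise ValueError("key must not be empty")
    # Key-scheduling algorithm (KSA): permute 0..255 under the key.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    # Pseudo-random generation algorithm (PRGA): XOR keystream into data.
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def scramble(password: str, text: str) -> str:
    """ROT13 -> RC4 -> ASCII-safe text (base64 here, an assumption)."""
    rotated = codecs.encode(text, "rot_13")  # keyless letter rotation
    cipher = rc4(password.encode("utf-8"), rotated.encode("utf-8"))
    return base64.b64encode(cipher).decode("ascii")

def unscramble(password: str, safe_text: str) -> str:
    """Undo the three stages in the opposite order."""
    cipher = base64.b64decode(safe_text)
    # errors="replace" lets a wrong key yield garbage text, not an exception.
    rotated = rc4(password.encode("utf-8"), cipher).decode("utf-8", errors="replace")
    return codecs.encode(rotated, "rot_13")

if __name__ == "__main__":
    # Constructed sample values, not data from the book's sample files.
    secret = scramble("passwordToUse", "Account 4417, balance 120.50")
    print(secret)
    print(unscramble("passwordToUse", secret))
    print(unscramble("wrongPassword", secret))  # unreadable without the key
```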

Encrypting your data can ensure that only a user with the correct decryption key will be able to retrieve it. There are field size limits, so this option may not work for all of your database records, but sensitive fields can be encrypted. Remember to remove the original data from any database that is web published if you are relying on field encryption for security.