What's new?
ver 4.0
- GUI for automated code generation.
- New mode of AES added.
ver 3.6.2
ver 3.6
- Digital Signature (DSA) standard added.
- Triple DES encryption added.
- Binary form output (without base64 encoding).
ver 3.5
- Session management. For every connection XP_CRYPT creates a separate session. Every allocated resource is attached to the session and is automatically deallocated when the session is closed. If you are abruptly disconnected and have not deallocated the loaded keys, the keys will be automatically unloaded after the timeout period. You can set your preferred timeout as well as other session options.
- Digital signature API. You can digitally sign data and verify the signatures. Works with keys of 512 bits and longer.
- Bulk operations. This enables you to encrypt and decrypt a few variables of any type at once.
- Password caching. This feature lets you load private keys and decrypt information without specifying the password. It is very useful for creating encrypted tables with `views` and INSTEAD OF triggers. See xp_crypt_set_option for more information about the pswd_cache option.
ver 3.4
In previous versions of XP_CRYPT, a key had to be loaded before use and explicitly freed afterwards. The key could be loaded only from a file on the server side. This approach gives fast encryption/decryption operations, but it is not always the most convenient. By changing the internal key handling we have tried to achieve more flexibility, ease of use and compatibility with old versions. Starting from version 3.4 you no longer have to load and free the key: you can simply specify its source, and the key will be loaded from this source and freed automatically after use. This is more convenient, but it also adds the overhead of reading the key into memory every time you use it. The key source can also be a key handle. In this case your old SQL scripts remain compatible with new versions.
There are 3 types of key source:
- Key handle. This handle is usually held in a VARCHAR(10) variable. You must load the key, get the handle and free it when you no longer need it. The key remains loaded in memory until the server restarts or until you explicitly free it.
- Filename. You can simply specify the name of the file on the server side where the key is stored. To distinguish it from other source types, precede the file name with the '<' character. For example, if your public key is stored in c:\pubkey.pem and you want to use it for encryption in the xp_rsa_pub_enc function, use: `xp_rsa_pub_enc 'text', '<c:\pubkey.pem', @result OUTPUT`.
- Key body. If your key is not stored on the server side and you want to keep it somewhere else, this key source can help you. In this case you pass the key content in the string. Your front-end software should read the key file and pass its content unchanged to the XP_CRYPT functions. Preserve the line breaks and all other formatting in this string. To get the content of the key you can use `xp_rsa_save_key key_handle, server_filename [, password]`, which saves the key to a file on the server side. To save the key content to a variable, use `xp_rsa_save_key key_handle, @variable OUTPUT [, password]`. You can then do `select @variable` and save the output on the client side. Remember: whenever you save a private key you must specify a secure password, which should be more than 4 characters long.