I am in the process of implementing field level encryption by using the TLiteEncryption component and I need some clarification about what is said in the documentation under "Data Encryption" on the help webpage http://www.devart.com/litedac/docs/.
The GUID mentioned is generated by the component? (I didn't see any GUID property)To avoid these problems, it is recommended to store, along with the data, the appropriate GUID, which is necessary for specifying that the value in the record is encrypted and it must be decrypted when reading data. This allows you to avoid confusion and keep in the same column both the encrypted and decrypted data, which is particularly important when using an existing table. Also, when doing in this way, a random initializing vector is generated before the data encryption, which is used for encryption. This allows you to receive different results for the same initial data, which significantly increases security.
The most preferable way is to store the hash data along with the GUID and encrypted information to determine the validity of the data and verify its integrity. In this way, if there was an attempt to falsify the data at any stage of the transmission or data storage, when decrypting the data, there will be a corresponding error generated. For calculating the hash the SHA1 or MD5 algorithms can be used the HashAlgorithm property.
Are the GUID and the 'random initializing vector' what are commonly referred to as encryption Salt & Pepper?
I.E. something like
$StoredData=hash(encryption(encryption($OrigData + Salt)+Pepper))
My apologies for having you dig up the details (and you can email the information if you feel it unsecure to reveal them on the forum) but I need to be sure that I understand this clearly because I am required to document how the security (i.e. field level encryption on sensitive data) is implemented in my program documentation for my client.