Question regarding Encryption & the TLiteEncryptor

Discussion of open issues, suggestions and bugs regarding LiteDAC (SQLite Data Access Components) for Delphi, C++Builder, Lazarus (and FPC)
Steven
Posts: 30
Joined: Fri 06 Dec 2013 19:48

Post by Steven » Mon 17 Mar 2014 01:28

Using the latest LiteDAC professional release.

I am in the process of implementing field level encryption by using the TLiteEncryption component and I need some clarification about what is said in the documentation under "Data Encryption" on the help webpage http://www.devart.com/litedac/docs/.

"To avoid these problems, it is recommended to store, along with the data, the appropriate GUID, which is necessary for specifying that the value in the record is encrypted and it must be decrypted when reading data. This allows you to avoid confusion and keep in the same column both the encrypted and decrypted data, which is particularly important when using an existing table. Also, when doing in this way, a random initializing vector is generated before the data encryption, which is used for encryption. This allows you to receive different results for the same initial data, which significantly increases security.

"The most preferable way is to store the hash data along with the GUID and encrypted information to determine the validity of the data and verify its integrity. In this way, if there was an attempt to falsify the data at any stage of the transmission or data storage, when decrypting the data, there will be a corresponding error generated. For calculating the hash the SHA1 or MD5 algorithms can be used the HashAlgorithm property."

The GUID mentioned is generated by the component? (I didn't see any GUID property)
Are the GUID and the 'random initializing vector' what are commonly referred to as encryption Salt & Pepper?

I.E. something like
$StoredData=hash(encryption(encryption($OrigData + Salt)+Pepper))

My apologies for having you dig up the details (and you can email the information if you feel it unsecure to reveal them on the forum) but I need to be sure that I understand this clearly because I am required to document how the security (i.e. field level encryption on sensitive data) is implemented in my program documentation for my client.

Thanks...

AlexP
Devart Team
Posts: 5530
Joined: Tue 10 Aug 2010 11:35

Re: Question regarding Encryption & the TLiteEncryptor

Post by AlexP » Wed 19 Mar 2014 13:47

Hello,

GUID is added to an encrypted record automatically under the condition that the DataHeader property is set to ehTag or ehTagAndHash.
http://www.devart.com/litedac/docs/deva ... header.htm , http://www.devart.com/litedac/docs/deva ... header.htm .
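
The record layout the quoted documentation describes (a tag that marks a value as encrypted, a random IV per value, an integrity check on read), as an added Python sketch that is not part of the thread and is not LiteDAC's code. The tag value, the byte layout, the SHA-256 keystream standing in for a real cipher, and HMAC-SHA-256 used in place of the SHA1/MD5 hash are all assumptions of this example.

```python
import hashlib
import hmac
import os
import uuid

# Constructed marker GUID; the value and byte layout LiteDAC uses are not given in the thread.
TAG = uuid.UUID("00000000-0000-4000-8000-000000000001").bytes
IV_LEN, MAC_LEN = 16, 32


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate keys for encryption and authentication, derived from one master key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_keystream(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 in counter mode) so the example needs only the
    # standard library; a real deployment would use a vetted cipher such as AES.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + iv + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def encrypt_field(key: bytes, plaintext: bytes) -> bytes:
    iv = os.urandom(IV_LEN)  # fresh per value, stored in the clear next to the data
    ct = _xor_keystream(_subkey(key, b"enc"), iv, plaintext)
    mac = hmac.new(_subkey(key, b"mac"), TAG + iv + ct, hashlib.sha256).digest()
    return TAG + iv + mac + ct


def read_field(key: bytes, stored: bytes) -> bytes:
    if not stored.startswith(TAG):
        return stored  # untagged value: legacy plaintext sharing the column
    body = stored[len(TAG):]
    if len(body) < IV_LEN + MAC_LEN:
        raise ValueError("tagged value is truncated")
    iv, mac, ct = body[:IV_LEN], body[IV_LEN:IV_LEN + MAC_LEN], body[IV_LEN + MAC_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), TAG + iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("integrity check failed: value was modified or key is wrong")
    return _xor_keystream(_subkey(key, b"enc"), iv, ct)
```

In this sketch neither the tag nor the IV is secret; both are stored beside the ciphertext, and only the key has to be protected.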
