This is the legacy 4D documentation web site. Documentations are progressively being moved to developer.4d.com |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
4D v20 R7
ENCRYPT BLOB
|
ENCRYPT BLOB ( toEncrypt ; sendPrivKey {; recipPubKey} ) | ||||||||
Parameter | Type | Description | ||||||
toEncrypt | BLOB |
![]() |
Data to encrypt | |||||
![]() |
Encrypted data | |||||||
sendPrivKey | BLOB |
![]() |
Sender’s private key | |||||
recipPubKey | BLOB |
![]() |
Recipient’s public key | |||||
The ENCRYPT BLOB command encrypts the content of the toEncrypt BLOB with the sender’s private key sendPrivKey, as well as optionally the recipient’s public key recipPubKey. These keys should be generated by the command GENERATE ENCRYPTION KEYPAIR (within the “Secured Protocol” theme).
Note: This command uses the TLS protocol algorithm and encryption features. To be able to use this command, make sure that the components necessary to the TLS protocol are installed properly on your machine — even if you do not want to use TLS for 4D connections to servers. For detailed information on this protocol, please refer to developer.4d.com.
The BLOB containing the keys has a PKCS internal format. This standard cross platform format allows exchanging or handling keys simply by copy-pasting in an Email or a text file.
Once the command has been run, the toEncrypt BLOB contains the encrypted data that will be decrypted only with the DECRYPT BLOB command, with the sender’s public key passed as parameter.
Moreover, if the optional recipient’s public key has been used to encrypt the information, the recipient’s private key will also be necessary for decrypting.
Encryption principle with public and private keys for message exchange between two people, “Alice” and “Bob”:
Note: The cipher contains a checksum functionality in order to avoid any BLOB content modification (deliberately or not). Consequently, an encrypted BLOB should not be modified otherwise it might not be decrypted.
Data encryption slows down the execution of your applications, especially if a pair of keys is used. However, you can consider the following optimization tips:
1) The company generates a pair of keys with the command GENERATE ENCRYPTION KEYPAIR:
`Method GENERATE_KEYS_TXT
C_BLOB($BPublicKey;$BPrivateKey)
GENERATE ENCRYPTION KEYPAIR($BPrivateKey;$BPublicKey)
BLOB TO DOCUMENT("PublicKey.txt";$BPublicKey)
BLOB TO DOCUMENT("PrivateKey.txt";$BPrivateKey)
2) The company keeps the private key and sends a copy of the document containing the public key to each subsidiary. For maximum security, the key should be copied on a storage device handed over to the subsidiaries.
3) Then the company copies the private information (stored in the text field, for example) in BLOBs which will be encrypted with the private key:
`Method ENCRYPT_INFO
C_BLOB($vbEncrypted;$vbPrivateKey)
C_TEXT($vtEncrypted)
$vtEncrypted:=[Private]Info
VARIABLE TO BLOB($vtEncrypted;$vbEncrypted)
DOCUMENT TO BLOB("PrivateKey.txt";$vbPrivateKey)
If(OK=1)
ENCRYPT BLOB($vbEncrypted;$vbPrivateKey)
BLOB TO DOCUMENT("Update.txt";$vbEncrypted)
End if
4) The update files can be sent to the subsidiaries (though a non-secured channel such as the Internet). If a third person gets hold of the encrypted file, he will not be able to decrypt it without the public key.
5) Each subsidiary can decrypt the document with the public key:
`Method DECRYPT_INFO
C_BLOB($vbEncrypted;$vbPublicKey)
C_TEXT($vtDecrytped)
C_TIME($vtDocRef)
ALERT("Please select an encrypted document.")
$vtDocRef:=Open document("") `Select Update.txt
If(OK=1)
CLOSE DOCUMENT($vtDocRef)
DOCUMENT TO BLOB(Document;$vbEncrypted)
DOCUMENT TO BLOB("PublicKey.txt";$vbPublicKey)
If(OK=1)
DECRYPT BLOB($vbEncrypted;$vbPublicKey)
BLOB TO VARIABLE($vbEncrypted;$vtDecrypted)
CREATE RECORD([Private])
[Private]Info:=$vtDecrypted
SAVE RECORD([Private])
End if
End if
A company wants to use the Internet to exchange information. Each subsidiary receives private information and also sends information to the corporate office. Consequently there are two requirements:
- The recipient only should be able to read the message,
- The recipient must have proof that the message was sent by the sender himself.
1) The corporate office and each subsidiary generate their own key pairs (with the GENERATE_KEYS_TXT method).
2) The private key is kept secret by both sides. Each subsidiary sends its public key to the corporate office who, in its turn, sends its public key too. This key transfer does not need to be done through a secured channel as the public key is not enough to decrypt the message.
3) To encrypt the information to send, the subsidiary or the corporate house executes the ENCRYPT_INFO_2 method which uses the sender’s private key and the recipient’s public key to encrypt the information:
`Method ENCRYPT_INFO_2
C_BLOB($vbEncrypted;$vbPrivateKey;$vbPublicKey)
C_TEXT($vtEncrypt)
C_TIME($vtDocRef)
$vtEncrypt:=[Private]Info
VARIABLE TO BLOB($vtEncrypt;$vbEncrypted)
` Your own private key is loaded...
DOCUMENT TO BLOB("PrivateKey.txt";$vbPrivateKey)
If(OK=1)
` ...and the recipient’s public key
ALERT("Please select the recipient’s public key.")
$vhDocRef:=Open document("") `Public key to load
If(OK=1)
CLOSE DOCUMENT($vtDocRef)
DOCUMENT TO BLOB(Document;$vbPublicKey)
`BLOB encryption with the two keys as parameters
ENCRYPT BLOB($vbEncrypted;$vbPrivateKey;$vbPublicKey)
BLOB TO DOCUMENT("Update.txt";$vbEncrypted)
End if
End if
4) The encrypted file can then be sent to the recipient via the Internet. If a third person gets hold of it, he or she will not be able to decrypt the message, even if he or she has the public keys as the recipient’s private key will also be required.
5) Each recipient can decrypt the document by using his/her own private key and the sender’s public key:
`Method DECRYPT_INFO_2
C_BLOB($vbEncrypted;$vbPublicKey;$vbPrivateKey)
C_TEXT($vtDecrypted)
C_TIME($vhDocRef)
ALERT("Please select the encrypted document.")
$vhDocRef:=Open document("") `Select the Update.txt file
If(OK=1)
CLOSE DOCUMENT($vhDocRef)
DOCUMENT TO BLOB(Document;$vbEncrypted)
`Your own private key is loaded
DOCUMENT TO BLOB("PrivateKey.txt";$vbPrivateKey)
If(OK=1)
` ...and the sender’s public key
ALERT("Please select the sender’s public key.")
$vhDocRef:=Open document("") `Public key to load
If(OK=1)
CLOSE DOCUMENT($vhDocRef)
DOCUMENT TO BLOB(Document;$vbPublicKey)
`Decrypting the BLOB with two keys as parameters
DECRYPT BLOB($vbEncrypted;$vbPublicKey;$vbPrivateKey)
BLOB TO VARIABLE($vbEncrypted;$vtDecrypted)
CREATE RECORD([Private])
[Private]Info:=$vtDecrypted
SAVE RECORD([Private])
End if
End if
End if
CryptoKey class
DECRYPT BLOB
Encrypt data BLOB
GENERATE ENCRYPTION KEYPAIR
Product: 4D
Theme: BLOB
Number:
689
Created: 4D v6.7
Public Key, PKCS, Optimization, Encryption, Private key
4D Language Reference ( 4D v20 R7)