Functions: Encrypt and decrypt

Available in plugin version 1.7.0.17.

There are two functions to encrypt and decrypt data using the AES algorithm. The functions support AES-128-CBC, AES-192-CBC, and AES-256-CBC.

The plugin also offers encryption and decryption as FileMaker plugin commands that can be called directly from FileMaker scripts, but the functions here are available directly from the ACF language. The plugin commands dsPD_EncryptParBlock2Base64 and dsPD_DecryptBase64_2ParBlock use aes-256-cbc only, and handle only base64 encoding. The encrypt and decrypt functions described here are more flexible.

Note: The key used to encrypt data must be kept safe and secure. The only way to decrypt data is using the key, and a lost key is non-recoverable. Also, the key must not fall into the hands of people not authorized to decrypt the content.

Prototype:

string encrypted = encrypt ( int method, string key, string data, int output_encoding); 
string decrypted = decrypt ( int method, string key, string encrypted, int source_encoding); 

Parameters:

Parameter name  Type  Description
method  int  Use one of the constants: aes128cbc, aes192cbc, or aes256cbc
key  string  A string of hexadecimal numbers or a password. See the note below about Key encoding.
data / encrypted  string  For encrypt: raw data to be encrypted. For decrypt: encrypted data with the given source encoding.
output_encoding / source_encoding  int  Use one of the following constants: base64enc, hexenc, or binary for not encoded.

Return value: Type String: for encrypt, encrypted data. For decrypt, decrypted data.

Key encoding

The key can be either a password string or a string of hexadecimal values. For hex strings, the length of the string must match the encryption algorithm selected. If the key is not composed entirely of hex digits (0-9, A-F) or its length is not correct, it is taken as a password, and a new key is derived from it and used internally. Hex keys are intended for matching another system's keys: other systems using OpenSSL can use the same hex key for compatible encryption or decryption, even from the command line. The purpose of this compatibility is to secure transactions with other systems that do not run the ACF plugin. The plugin function dsPD_GetPHPSampleEncryptDecryptCode can be used to generate hex keys for a given password that match the aes256cbc algorithm.
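Because a hex key with a typo or the wrong length is not rejected but silently treated as a password, the two systems can end up with different keys. The Python check below is an added example, not part of the plugin or its documentation, that a partner system could run on a key string before using it. It assumes two hex digits per key byte (32, 48, and 64 digits for the three methods); the function names and the sample key are hypothetical.

```python
import string

# Assumption: two hex digits per key byte, so the lengths follow from the
# AES key sizes of 16, 24 and 32 bytes. Method names mirror the ACF constants.
HEX_KEY_LENGTH = {"aes128cbc": 32, "aes192cbc": 48, "aes256cbc": 64}

# Constructed sample value for demonstration only, 32 hex digits.
SAMPLE = "00112233445566778899AABBCCDDEEFF"


class NotAHexKey(ValueError):
    """The string fails the hex-key rule and would be taken as a password."""


def normalize_hex_key(method: str, key: str) -> str:
    """Return the key as upper-case hex, or raise NotAHexKey with the reason."""
    expected = HEX_KEY_LENGTH[method]
    # A trailing newline read from a key file is not a hex digit; drop it here
    # and pass the returned value on, not the original string.
    candidate = key.strip()
    stray = sorted({ch for ch in candidate if ch not in string.hexdigits})
    if stray:
        raise NotAHexKey(f"non-hex characters {stray!r}")
    if len(candidate) != expected:
        raise NotAHexKey(f"{len(candidate)} hex digits, {method} needs {expected}")
    # The page lists the digits as 0-9, A-F, so hand over upper case only.
    return candidate.upper()


def classify(method: str, key: str) -> str:
    """Describe how the key string would be interpreted under the rule above."""
    try:
        normalize_hex_key(method, key)
        return "hex-key"
    except NotAHexKey as exc:
        return f"password ({exc})"


if __name__ == "__main__":
    cases = [
        ("aes256cbc", SAMPLE * 2),            # correct length for AES-256
        ("aes256cbc", SAMPLE),                # valid hex, but AES-128 length
        ("aes128cbc", "O" + SAMPLE[1:]),      # letter O typed instead of zero
        ("aes256cbc", "MyPassword"),          # plain password
    ]
    for method, key in cases:
        print(f"{method:10} {key[:16]:16}... -> {classify(method, key)}")
```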

Example:

string encrypted = encrypt (aes256cbc, "MyPassword", "myData", base64enc); 
string decrypted = decrypt (aes256cbc, "MyPassword", encrypted, base64enc); 
// decrypted will be: myData

Example 2

This example shows two functions for encrypting and decrypting a file on disk. The key is hard-coded but could be set in preferences or supplied as a parameter to the function.

/*

    Encrypt a file on disk. The function asks for a file 
    and creates a new file with .encrypted as the extension. 
    
*/
function EncryptFile ()
    string path, opath, key; 
    int x; 
    string content, encrypted; 
    path = select_file ( "Select a file to encrypt"); 
    if ( path != "") then
        key = "SablaBabla029c";  
        x = open ( path, "r"); 
        content = read ( x ); 
        close (x); 
        encrypted = encrypt ( aes256cbc, key, content, binary); 
        opath = path + ".encrypted"; 
        x = open ( opath, "w"); 
        write ( x, encrypted ) ; 
        close (x); 
        // delete_file (path); 
    end if
    return "OK"; 
end 
/*

    Decrypt a file on disk. The function asks for a file 
    and creates a new file with the .encrypted extension removed. 
    The function verifies that the filename has .encrypted in it. 
    
*/
function DecryptFile ()
    string path, opath, key; 
    int x; 
    string content, decrypted; 
    path = select_file ( "Select an encrypted file to decrypt"); 
    if ( path != "") then
        if ( pos ( path, ".encrypted")>0) then
            key = "SablaBabla029c";  
            x = open ( path, "r"); 
            content = read ( x ); 
            close (x); 
            decrypted = decrypt ( aes256cbc, key, content, binary); 
            opath = substitute (path,  ".encrypted", ""); 
            x = open ( opath, "w"); 
            write ( x, decrypted ) ; 
            close (x); 
            // delete_file (path); 
        end if
    end if
    return "OK"; 
end