Using Blowfish to encrypt a Access DB used in VB6 app

[Gimly]

Hi all ,

I have a VB6 app "pulling" info from an Access DB, my app does not write to the DB, only "pulls" info from the DB as all the info needed is already in the DB.

I have never used Blowfish or any encryption utilities so I am quite ignorant when it comes to encryption.

The question I have is how to encrypt the Access DB using Blowfish, I did download the CryptoAPI_demo but I have no clue as to what info to enter into the App to encrypt the DB, or where to enter the code.

If any of you could please help me, it would be greatly appreciated.

Kind Regards
Gimly

 

[chiph]

You need to clarify a few things:

1) Are you looking to encrypt the entire database, or just the content?
-- The difference is that if encrypt the entire database, you would have to decrypt it before performing *any* operations on the database (including connecting to it).

2) What is the threat you're trying to protect against?

3) How do you see it being used?

4) Why Blowfish? It's patented, so you really ought to look at a free algorithm like AES.

Chip H.


If you want to get the best response to a question, please check out FAQ222-2244 first

 

[vbSun]

Why dont you try to password protect the DB?

 

[Gimly]

Dear chiph,

I would just like to encrypt the content in the DB, my threat is my users/clients and competitors. What is AES and where can I get an example of it?

And also thanx to vbSun for your reply.

Thanx again
Gimly

 

[chiph]

AES is the new name for the Rijndael (pronounced "rain doll&quot algorithm. It stands for "Advanced Encryption Standard", and the US National Institute for Standards & Technology (NIST) department has decreed that it will replace DES, since DES can now be cracked over a long weekend.

You can download a VB implementation at:

http://www.esat.kuleuven.ac.be/~rijmen/rijndael/

(it's about 2/3 of the way down the page)

There are also commercial packages that implement it (do a Google).

In either case, download the test values from the above site & run them through your code to make sure it conforms to the standard.

One thing to remember is that AES is a block cipher, so whatever you encrypt will be padded out to a minimum of one blocksize, and a multiple of the blocksize above that. So if you use a 2048 bit key, to store "hello world" takes a minimum of 256 bytes.

Chip H.


If you want to get the best response to a question, please check out FAQ222-2244 first

 

[strongm]

Microsoft's CryptoAPI already supports AES, and you can use the CryptoAPI from VB...

 

[chiph]

strongm -

I didn't want to suggest that, as he may be running on Win9x, which AFAIK, doesn't support any/all of the Crypto API.

Plus, it's a real bear to learn.

Chip H.


If you want to get the best response to a question, please check out FAQ222-2244 first

 

[strongm]

Both fair points - but I still think it was worth pointing out that Windows has built-in cryptographic functionality

 

[Gimly]

I Thank the both of you for your informative replies.

I've tried something else. I saved the db as a txt file, so it looks encrypted if you open the .txt file and I have implemented a password.

When I call the db using the .txt file, it works perfectly, I don't even have to change (convert) the .txt file to .mdb for it to work.

the code when doing this looks like this:

con.connectionstring="provider=microsoft.jet.oledb.4.0;data source=" & app.path & "\mypath\database.txt;jet oledb:database password=" & password

I find it strange that I don't have to change the .txt to .mdb for the info to display. (but it works)

Now what I want to know is if you install this onto a users' PC will it work on all Windows OS, or will it be better to change the .txt to .mdb with code?

Thanx again
Gimly

 

[Golom]

You're changing the .mdb extension to .txt?

That's scary!

If someone should happen to open it with Word or WordPad or whatever, and save it ... chances are that your database will be hopelessly corrupted. (I just tried this. It was.)

 

[vbSun]

It will work if you change the extension. It will be better to create your own file extension (just pick three or four letters). In that case you wont get someone to open it and edit.. Even though you can open it with notepad with the "Open With" Context menu item. But give a break.. you can open anything that way..

But this may not be a good disguise. Cos, when ever an Acces DB is open, it creates an ldb file at the same path. Which is enough information that the db is access.

------------------------------------------
The faulty interface lies between the chair and the keyboard.