BlowFish FileMaker Encryption Plugins

Encryption for FileMaker

For FileMaker Versions 7 to 12 (Not compatible with versions 13 and above)

 
FM Pro Plugins

Shopping Cart Image Buy Now


FM Plugin ImageBlowFish Plugin Frequently Asked Questions (FAQ):

1. Why choose BlowFish over the other "script-based" FileMaker encryption solutions?

a.) The algorithm has been published since 1993 and many security specialists have analyzed it and attempted attacks. (With so called "script-based" solutions, you only have the opinion of the seller, since the "encryption method" has never been analyzed by third party cryptographic specialists!) Don't trust YOUR data to someone who simply SAYS "it's secure"! Listen to the EXPERTS!

b.) Blowfish has become a very popular encryption 'standard' and is used in MANY products, including the popular TiVo™ digital video recorders! Click HERE to see a list of many of the current users of BlowFish!

c.) The BlowFish plug-in tends to run MANY times faster than interpreted scripts! This can save you HOURS when working with big databases! (Even DAYS in encrypting very large databases!)

2. Why choose BlowFish over the Advanced Encryption Standard "Rijndael"? (Pronounced "rin-dal")

When we were evaluating which encryption algorithm to use in our encryption plug-in we evaluated Rijndael along with many others. We chose Blowfish because:

a.) Being chosen as a "government standard" is both Rijndael's best AND weakest points! The reason Windows™ has been "hacked" so frequently isn't just that it is more vulnerable...it's also because hackers concentrate on what they expect most people to USE in the systems they want to get into! AND they're most likely going to find Windows on the "other end" rather than Linux, Unix or Apple's OS X! Rijndael is being widely attacked today for the same reason!

b.) When Rijndael was chosen as the A.E.S., it was widely assumed that it would be "safe" for about 20 years! Recent attacks on it seem to be proving otherwise! A new kind of mathematical analysis is beginning to look like it should be able to "crack" Rijndael! (In fact SHA-1, which up to now was THOUGHT to be safe, WAS cracked by researchers in China! Click HERE to see the latest news on attacks on Rijndael and SHA-1.) The algorithm chosen in second place was cracked only a few weeks after the competition. A derivative based on the work done in creating Blowfish (called "Twofish" came in third. The committee was so impressed with Twofish, it was added to the committee's final recommendations for use as a secure algorithm.

c.) BlowFish can use keys up to 448 bits (56 characters) in length! (Rijndael is limited to 256 bits MAX, and most implementations only use 128 bits!) Cryptographers have long known that ANY key can be broken by trying all combinations of characters ("brute force".) Therefore, the SAFEST encryption is by using an 'infinitely long" non-repeating key! Since that's impossible, the longest possible key is almost ALWAYS the safest! (It doesn't take very long to try all combinations of characters in a short key, no matter how much 'hashing" is done in the encryption! This is called a "brute-force" attack.) If you REALLY want to protect your data, use the full 56 character key length of Blowfis with non-repeating characters from the full Unicode character set. A brute-force attack would take a VERY long time indeed (YEARS!!)

3. How do we know this plug-in really (and correctly) uses Blowfish?

It has been tested with the testing vectors (known input-output tables) published along with the algorithm. Since the plug-in (and FileMaker™ Pro 7 and later) uses multi-byte character sets known as Unicode, the result tables have been updated to reflect Unicode input/output, and are provided in the download package for your own testing and verification.

4. Does the plug-in require any other libraries or software to be installed?

No. The plug-in just requires FileMaker Pro 11 to FileMaker Pro 7, FileMaker Pro 7 - 11 Advanced, FileMaker Developer 7 - 11, or the current version of FileMaker Server

5. Exactly what is in the download?

  • Windows™ Version

An ENCRYPTED, "ZIPPED" file containing the Blowfish folder, which contains the plug-in, sample databases showing how to use it and all documentation.

  • Macintosh™ OS X Version

A compressed file (sitx or zip) containing the Blowfish "disk image file" (dmg) which when mounted, contains the BlowFish folder, that contains the plug-in, sample databases showing how to use it and all documentation. Simply "DRAG" the BlowFish folder to your "Documents" folder (or wherever on your Mac you wish to store it.)

6. How short/long can the key be?

The key can be from 4 to 56 characters in length. Keys longer than 56 characters use only the first 56 characters in the key. Keys at least 8 characters in length or longer are recommended for security reasons! (The longer, the better!)

7. How many characters (or how long a string) can the plug-in encrypt?

There is no limit on the plug-in. The only limit is the size of FileMaker database fields (in version 7, that is approximately 2 GB!)

8. Can I send the encrypted text in an email or over IM?

YES! The encrypted text simply consists of the "hexadecimal" Unicode text characters: "0123456789ABCDEF" which are compatible with any email, instant messaging or other application that can handle simple Unicode text (the normal text characters used in a Mac or Windows PC.)

To send the encrypted text, simply copy the encrypted field text to the clipboard and paste it into any email message. To decode any encrypted text you receive in an email or message, simply copy the encrypted text to a Filemaker field and decrypt it with the BlowFish Plug-In as you would do normally.

HINT: Sometimes in transiting thru emails, the encrypted text gets added characters and line-feeds added to it. To properly decrypt the text, these extra characters must be removed before calling the BlowFish "Decrypt" function. To remove any added characters, use the FileMaker built-in text function "Filter", using hexadecimal characters as the filter like this:

Setfield( <target field>, Filter( <encrypted text>, "0123456789ABCDEF"))

Where <target field> is the field you will pass to BlowFish to decrypt, and <encrypted text> is the encrypted text you received in the email or IM.

Then simply call BlowFish's "Decrypt" function on the <target field>, recovering the original text!

9. How do I install the plug-in?

Plug-in files must be installed in the appropriate folder and enabled in FileMaker Pro, FileMaker Developer or FileMaker Server before they can be used. Simply copy the plug-in into the FileMaker Extensions folder inside the FileMaker application folder and enable it in the preferences dialog box.

  •  Windows: Choose Edit menu > Preferences.
  •  Mac OS X: Choose FileMaker application menu > Preferences.

Then select the "Plug-Ins" tab and make sure it appears with a checkbox next to the plug-in.

10. How do I get rid of the dialog box that shows up when I first use the plug-in each time?

Simply register the plug-in from Sky Dancer for a very small fee! Special rates are available for developers and companies needing multiple copies.

11. What do the modes "ECB", "CBC" and "CFB" mean?

ECB: Electronic Code Book (ECB) is a mode of operation for a block cipher, with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value and vice versa. In other words, the same plain-text value will always result in the same ciphertext value. Electronic Code Book is used when a volume of plaintext is separated into several blocks of data, each of which is then encrypted independently of other blocks. In fact, Electronic Code Book has the ability to support a separate encryption key for each block type.

CBC: Cipher block chaining (CBC) is a mode of operation for a block cipher (one in which a sequence of bits are encrypted as a single unit or block with a cipher key applied to the entire block). Cipher block chaining uses what is known as an initialization vector IV) of a certain length. One of its key characteristics is that it uses a chaining mechanism that causes the decryption of a block of ciphertext to depend on all the preceding ciphertext blocks. As a result, the entire validity of all preceding blocks is contained in the immediately previous ciphertext block. A single bit error in a ciphertext block affects the decryption of all subsequent blocks. Rearrangement of the order of the ciphertext blocks causes decryption to become corrupted. Basically, in cipher block chaining, each plaintext block is XORed (see XOR) with the immediately previous ciphertext block, and then encrypted.

CFB: Ciphertext feedback (CFB) is a mode of operation for a block cipher. In contrast to the cipher block chaining (CBC) mode, which encrypts a set number of bits of plaintext at a time, it is at times desirable to encrypt and transfer some plaintext values instantly one at a time, for which ciphertext feedback is a method. Like cipher block chaining, ciphertext feedback also makes use of an initialization vector (IV). CFB uses a block cipher as a component of a random number generator. In CFB mode, the previous ciphertext block is encrypted and the output is XORed (see XOR) with the current plaintext block to create the current ciphertext block. The XOR operation conceals plaintext patterns. Plaintext cannot be directly worked on unless there is retrieval of blocks from either the beginning or end of the ciphertext.

12. Can FileMaker database fields encrypted on a PC be decrypted on a Macintosh and vise-versa?

YES!!! The plug-in is fully cross-platform compatible!

13. Do I need a separate license for both the PC version and the Mac version?

A. Yes. The two versions of the plug-in use different key schemes.

14. How can I find out more about Blowfish?

Visit Bruce's Official Blowfish WEB site!

Visit: http://www.schneier.com/blowfish.html

FileMaker is a trademark of FileMaker, Inc., registered in the U.S. and other countries. FileMaker and the file folder logo are trademarks of FileMaker, Inc.



Comments