Encrypt page
You can use this page to encrypt or decrypt (i.e. remove encryption from) the data file, according to the Encryptable attribute status defined for each table in the database.
For detailed information about data encryption in 4D, please refer to the Encrypting data section in the Design Reference manual.
A new folder is created each time you perform an encryption/decryption operation. It is named "Replaced Files (Encrypting) yyyy-mm-dd hh-mm-ss" or "Replaced Files (Decrypting) yyyy-mm-dd hh-mm-ss".
Encryption is only available in maintenance mode. If you attempt to carry out this operation in standard mode, a warning dialog informs you that the database will be closed and restarted in maintenance mode.
Warning:
- Encrypting a database is a lengthy operation. It displays a progress indicator (which could be interrupted by the user). Note also that a database encryption operation always includes a compacting step.
- Each encryption operation produces a copy of the data file, which increases the size of the application folder. It is important to take this into account (especially in macOS where 4D applications appear as packages) so that the size of the application does not increase excessively. Manually moving or removing the copies of the original file inside the package can be useful in order to minimize the package size.
Encrypting data for the first time
Encrypting your data for the first time using the MSC requires the following steps:
- In the Structure editor, check the Encryptable attribute for each table whose data you want to encrypt. See the "Table properties" section.
- Open the Encrypt page of the MSC. If you open the page without setting any tables as Encryptable, the following message is displayed in the page:
Otherwise, the following message is displayed:
This means that the Encryptable status for at least one table has been modified and the data file still has not been encrypted.
Note: The same message is displayed when the Encryptable status has been modified in an already encrypted data file or after the data file has been decrypted (see below).
- Click on the Encrypt picture button.
You will be prompted to enter a passphrase for your data file:
The passphrase is used to generate the data encryption key. A passphrase is a more secure version of a password and can contain a large number of characters. For example, you could enter a passphrase such as "We all came out to Montreux" or "My 1st Great Passphrase!!" The security level indicator can help you evaluate the strength of your passphrase:
(deep green is the highest level)
- Enter to confirm your secured passphrase.
The encryption process is then launched. If the MSC was opened in standard mode, the database is reopened in maintenance mode.
4D offers to save the encryption key (see Saving the encryption key below). You can do it at this moment or later. You can also open the encryption log file.
If the encryption process is successful, the Encrypt page displays Encryption maintenance operations buttons.
Warning: During the encryption operation, 4D creates a new, empty data file and fills it with data from the original data file. Records belonging to "encryptable" tables are encrypted then copied, other records are only copied (a compacting operation is also executed). If the operation is successful, the original data file is moved to a "Replaced Files (Encrypting)" folder. If you intend to deliver an encrypted data file, make sure you first move or remove any unencrypted data file from the database folder.
Encryption maintenance operations
When a database is encrypted (see above), the Encrypt page provides several encryption maintenance operations, corresponding to standard scenarios.
Providing the current data encryption key
For security reasons, all encryption maintenance operations require that the current data encryption key be provided.
- If the data encryption key is already loaded in the 4D keychain(1), it is automatically reused by 4D.
- If the data encryption key is not found, you must provide it. The following dialog is displayed:
At this step, you have two options:
- enter the current passphrase(2) and click OK. OR
- connect a device such as a USB key and click the Scan devices button.
(1) The 4D keychain stores all valid data encryption keys entered during the application session.
(2) The current passphrase is the passphrase used to generate the current encryption key.
In all cases, if valid information is provided, 4D restarts in maintenance mode (if not already the case) and executes the operation.
Re-encrypt data with the current encryption key
This operation is useful when the Encryptable attribute has been modified for one or more tables containing data. In this case, to prevent inconsistencies in the data file, 4D disallows any write access to the records of the tables in the application. Re-encrypting data is then necessary to restore a valid encryption status.
- Click on Re-encrypt data with the current encryption key.
- Enter the current data encryption key.
The data file is properly re-encrypted with the current key and a confirmation message is displayed:
Change your passphrase and re-encrypt data
This operation is useful when you need to change the current encryption data key. For example, you may need to do so to comply with security rules (such as requiring changing the passphrase every three months).
- Click on Change your passphrase and re-encrypt data.
- Enter the current data encryption key.
- Enter the new passphrase (for added security, you are prompted to enter it twice):
The data file is encrypted with the new key and the confirmation message is displayed.
Decrypt all data
This operation removes all encryption from the data file. If you no longer want to have your data encrypted:
- Click on Decrypt all data.
- Enter the current data encryption key (see Providing the current data encryption key).
The data file is fully decrypted and a confirmation message is displayed:
Once the data file is decrypted, the encryption status of tables does not match their Encryptable attributes. To restore a matching status, you must deselect all Encryptable attributes at the database structure level.
Saving the encryption key
4D allows you to save the data encryption key in a dedicated file. The file name must have the .4DKeyChain extension, for example "myKeys.4DKeyChain". Storing this file on an external device such as a USB key facilitates the use of an encrypted database, since the user only needs to connect the device to provide the encryption key before opening the database in order to access the encrypted data.
You can save the encryption key each time a new passphrase has been provided:
- when the database is encrypted for the first time,
- when the database is re-encrypted with a new passphrase.
Successive encryption keys can be stored on the same device.
Storing the data encryption key file at the first level of the device is mandatory when you use the Automatic restore and log integration feature. When the restoring sequence is triggered, 4D must have access to the encryption key file, otherwise an error occurs.
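A pre-delivery check for two points made above, the leftover "Replaced Files" copies of the original data file and the placement of the .4DKeyChain file, added here as an example; it is not part of 4D or its documentation. It relies only on the folder-name pattern and file extension given on this page; reporting a key file found inside the delivered folder, and every name in the sample tree, are assumptions of the example.

```python
import re
import tempfile
from datetime import datetime
from pathlib import Path

# Folder names as given on the page:
# "Replaced Files (Encrypting) yyyy-mm-dd hh-mm-ss" / "(Decrypting)"
REPLACED_RE = re.compile(
    r"^Replaced Files \((Encrypting|Decrypting)\) "
    r"(\d{4}-\d{2}-\d{2} \d{2}-\d{2}-\d{2})$"
)

def audit_delivery_folder(root):
    """Return findings that should be cleared before shipping `root`."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        m = REPLACED_RE.match(path.name) if path.is_dir() else None
        if m:
            try:
                when = datetime.strptime(m.group(2), "%Y-%m-%d %H-%M-%S")
            except ValueError:
                continue  # matches the pattern but is not a real timestamp
            size = sum(f.stat().st_size for f in path.rglob("*") if f.is_file())
            findings.append({"kind": "replaced-files", "operation": m.group(1),
                             "created": when, "bytes": size, "path": path})
        elif path.is_file() and path.suffix.lower() == ".4dkeychain":
            # Assumption of this example: a key file shipped next to the data
            # it protects is reported, since the page keeps it on an external
            # device.
            findings.append({"kind": "key-file", "path": path})
    return findings

def build_sample_tree(root):
    """Constructed sample layout (file names and contents are made up)."""
    root = Path(root)
    old = root / "Replaced Files (Encrypting) 2024-03-01 10-15-30"
    old.mkdir(parents=True)
    (old / "original-data-file").write_bytes(b"\0" * 2048)
    (root / "Logs").mkdir()
    (root / "myKeys.4DKeyChain").write_text("constructed placeholder")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for f in audit_delivery_folder(build_sample_tree(tmp)):
            print(f["kind"], f["path"].name, f.get("bytes", ""))
```

A "replaced-files" finding with operation "Encrypting" holds the original data file as it was before encryption, so it is the one to move or remove before delivery.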
Log file
After an encryption operation has been completed, 4D generates a file in the Logs folder of the database. It is created in XML format and named "DatabaseName_Encrypt_Log_yyyy-mm-dd hh-mm-ss.xml" or "DatabaseName_Decrypt_Log_yyyy-mm-dd hh-mm-ss.xml".
An Open log file button is displayed on the MSC page each time a new log file has been generated.
The log file lists all internal operations executed pertaining to the encryption/decryption process, as well as errors (if any).