Siaqodb supports Field based data encryption. You may use one of two built-in encryption algorithms: AES and XTEA. Alternatively you can define and plug-in your own custom algorithm. It is simple to enable encryption as the following example shows:

SiaqodbConfigurator.EncryptedDatabase = true;

Encryption must be enabled before opening the database. The example above uses the default AES encryption algorithm and a built-in password. The default encryption algorithm can be changed as follows:

SiaqodbConfigurator.SetEncryptor(BuildInAlgorithm.XTEA);

If you want to use a custom password for data encryption you can do it as follows:

SiaqodbConfigurator.SetEncryptionPassword("mysecretpwd");

Important always set the password after you set the algorithm,ex:

SiaqodbConfigurator.SetEncryptor(BuildInAlgorithm.XTEA);
SiaqodbConfigurator.SetEncryptionPassword("mysecretpwd");

If you want to implement a custom encryption algorithm you need to implement the Sqo.Encryption.IEncryptor interface. Following example implement a very simple XOR encryption algorithm:

class MyEncryptor : Sqo.Encryption.IEncryptor
{
    #region IEncryptor Members
    public void Decrypt(byte[] bytes, int off, int len)
    {
        for (int i = 0; i < len; i++)
        { 
            bytes[i]^=5;
        }
    }
    public void Encrypt(byte[] bytes, int off, int len)
    {
        for (int i = 0; i < len; i++)
        {
            bytes[i] ^= 5;
        }
    }
    public int GetBlockSize()
    {
        return 128;
    }
    #endregion
}

Custom encryption takes two steps:

  • The client application receives a byte[] array from the Siaqodb engine. The array has a length of N*GetBlockSize()/8 where N is a positive integer.
  • The client application then encrypts this array in any desired manner. Since the byte[] array is passed by reference, any changes will be automatically stored by the Siaqodb engine.

Custom decryption is similar:

  • The client application receives a byte[] array from the Siaqodb engine. The array has a length of N*GetBlockSize()/8 where N is a positive integer.
  • It is then up to the client application to decrypt the array in order to restore it to its original, unencrypted state. To set the XOR encryption algorithm implemented above, just set it by:
SiaqodbConfigurator.SetEncryptor(new MyEncryptor ());

Important: Once a database has been encrypted with a given algorithm and password, the same password and corresponding decryption algorithm must be used. If you want to change the password or use a different encryption algorithm you would need to follow these steps:

  1. Load all objects into memory (this decrypts them).
  2. Close the database.
  3. Set the new password and encryption algorithm and then store the objects back into the Siaqodb database.