Purchases through FirebirdSQL shop generate commissions that fund open source Firebird development.

License: Encryption Plugin Framework for Firebird, Unlimited, permanent, per company, sources
Price: EUR €1699 / USD $1999
Description: Unlimited permanent license per company for the Encryption Plugin Framework; includes updates for the Firebird versions available at the time of purchase (currently 5.0, 4.0, 3.0). Shipped with sources and pre-built binaries.

License: Encryption Plugin Framework for Firebird, Unlimited, permanent, per company, sources+Consulting
Price: EUR €2149 / USD $2499
Description: Unlimited permanent license per company for the Encryption Plugin Framework; includes updates for the Firebird versions available at the time of purchase (currently 5.0, 4.0, 3.0). Shipped with sources and pre-built binaries. Includes implementation consulting for 1 client application.

Encryption Plugin Framework For Firebird (Vendor: IBSurgeon)

IBSurgeon's Encryption Plugin Framework for Firebird provides fast and easy implementation of transparent, strong encryption for Firebird databases. Built on AES256 cryptography with optional Windows Crypto API support, the framework protects databases while maintaining compatibility with existing applications and development tools.

Key Features

Strong Encryption Technology

The framework uses AES256 cryptography to encrypt data at the page level, protecting sensitive database information. Other cryptography methods such as DPAPI can be implemented. The plugin encrypts only user data, including records, BLOBs, index keys, and the sources of stored procedures and triggers; Firebird system pages are left unencrypted to maintain optimal performance.

Transparent Operation

Database encryption and decryption do not require exclusive access to the database. End-user applications can continue working with the database while encryption or decryption processes are running.

Platform and Version Support

The framework supports:

  • Firebird versions 3.0.3+, 4.0.x, and 5.0.x
  • Windows 32-bit and 64-bit platforms
  • Linux 32-bit and 64-bit platforms
  • Pre-built binaries available for immediate use
  • Full source code included for customization

Enhanced Backup and Restore

Includes a modified gbak.exe utility that supports encryption for both databases and backup files. This ensures data remains protected throughout the entire backup and restore process. The enhanced gbak supports:

  • Encrypted backup creation using the same key as database encryption
  • Restore from encrypted backup files
  • Key specification through files (-KEYFILE) or explicit values (-KEY)
  • Named key support (-KEYNAME) for organized key management

Client-Side KeyHolder Support

The framework provides client-side KeyHolder functionality, which allows fbclient.dll to load keys from KeyHolder.conf on the client side. This enables transparent and secure connections for developer tools, Firebird command-line utilities, and other applications without modifying them to support key exchange.

Recovery and Debugging Tools

The framework includes specialized tools for handling encrypted database corruption:

  • Low-level decryption tool for corrupted encrypted databases
  • IBSurgeon FirstAID recovery tool license included (for 10 databases in Unlimited license)
  • Support for recovery operations on encrypted databases

Implementation Process

Database Phase Implementation

The database-side implementation involves four simple steps:

  1. Copy plugin files (dbcrypt.dll, keyholder.dll) and configuration files to the Firebird folder
  2. Generate encryption keys as needed using the included tools
  3. Encrypt the database using the SQL command: ALTER DATABASE ENCRYPT WITH [plugin_name] KEY [key_name]
  4. Verify that standard Firebird tools (gbak, gfix, isql) work properly with the encrypted database

Application Integration

For end-user applications, integration requires minimal code changes:

  • Embed key initialization code before establishing database connections
  • Use provided examples for various programming languages (Delphi, Lazarus, PHP, .NET, Java)
  • Three simple function calls enable encrypted connections: fbcrypt_init(), fbcrypt_key(), and fbcrypt_callback()
  • Remove server-side KeyHolder.conf to enforce application-level key management

Key Management

The framework supports flexible key management approaches:

  • Server-side keys: Keys stored in KeyHolder.conf for transparent access
  • Application-provided keys: Keys transmitted from client applications for enhanced security
  • Named key system: Multiple keys can be managed with descriptive names
  • Customizable storage: Keys can be retrieved from secure sources like DPAPI or custom mechanisms

Security Features

Data Protection

The framework protects sensitive data from unauthorized access by encrypting all user-generated content while maintaining system performance through selective encryption of only necessary database components.

Access Control

Encrypted databases can only be accessed by designated applications that possess the correct encryption keys. Standard database tools and unauthorized applications cannot access encrypted database content without proper key configuration.

Development Environment Support

Developers and system administrators can still access encrypted databases through their preferred development and administration tools when operating in trusted environments with proper key configuration.

Programming Language Support

The framework includes detailed implementation examples and libraries for:

  • Delphi: Complete example application with full source code
  • Lazarus: Cross-platform Pascal development support
  • PHP: Web application integration examples
  • .NET: Microsoft .NET framework compatibility
  • Java: Enterprise Java application support

Demo and Trial Version

A fully functional time-limited demo version is available that includes:

  • Complete AES256 encryption plugin (trial license valid until October 2025)
  • Example client applications with full source code
  • Performance testing capabilities for existing databases
  • Step-by-step implementation guides
  • Support for both server-side and client-side key management testing

Licensing Options

Unlimited License

  • Unlimited redistribution rights for business applications owned by the licensee
  • Full source code included
  • Pre-built binaries for all supported platforms
  • Implementation technical support for one application
  • FirstAID recovery tool license included (version 2021+)

Unlimited License with Consulting

  • All features of the Unlimited License
  • Professional implementation consulting services
  • Engineering support for integration assistance
  • Custom implementation guidance

Technical Requirements

  • Firebird: Version 3.0.3 or higher (supports 3.x, 4.x, 5.x)
  • Development: Visual Studio 2010 for custom binary compilation
  • CPU: SSE2 instruction set support required, AES instruction set optional but beneficial
  • Linux: libtommath libraries and GLIBC_2.14+ required
  • Architecture: 32-bit and 64-bit support for Windows and Linux

Integration with HQbird

For users of HQbird 2022 and later versions, the encryption plugin files are already included, eliminating the need for separate downloads. The framework integrates seamlessly with HQbird's enhanced Firebird distribution for enterprise-grade database management with built-in encryption capabilities.

 
