Encrypts text using the Rijndael AES algorithm and the password.
Encr_EncryptRijndaelAES ( switches ; password ; dataToEncrypt )
| switches | modifies the behavior of the function |
| password | the password to use |
| dataToEncrypt | the text (or container data) to encrypt |
Switches can be one of:
| -KeySize=256 | (default) create a key for AES-256 encryption |
| -KeySize=128 | create a key for AES-128 encryption |
You can add one or more of these switches to retrieve extra information:
| -AddIntializationVectorInfo | add the used Initialization Vector at the end of the result (need not be kept secret) |
| -AddSaltInfo | add the used Salt at the end of the result (need not be kept secret) |
| -AddKeyInfo | add the derived Key (derived from the password) at the end of the result (keep secret!) |
Other switches are not (yet) possible.
Data type returned
the encrypted text or an error code.
Returned error codes can be:
| $$-4244 | no password was given |
Troi Encryptor Plug-in 1.2
FileMaker Pro 12 to 16
– Be sure to remember the password (case sensitive!): without it you cannot retrieve the original data.
– It’s good practice to use a password that is at least 8 characters long. You can use higher Unicode characters!
– Don’t store the password.
– Use a global for the password field.
– The encrypted text is different every time you encrypt the same text. This is not a bug, but a security feature!
By default (or if you use the switch -KeySize=256) the text is encrypted using AES-256 in CBC mode with a 32 byte key and a 16 byte IV (derived via PBKDF2) and a 20 byte salt. Padding is according to PKCS7. The result is Base64 encoded.
If you use the switch -KeySize=128 the text is encrypted using AES-128 in CBC mode with a 16 byte key and IV (derived via PBKDF2) and a 20 byte salt. Padding is according to PKCS7. The result is Base64 encoded.
More technical details can be found at the beginning of the user guide.
About Unicode and Passwords:
Passwords are always UTF-8 encoded before the key is derived. This means that all Unicode characters can be used for the password.
“japan_” becomes “japan_0xE698BEE7A4BA” as password
“españa” becomes “espa0xC3B1a” as password
Text is also UTF-8 encoded before encryption.
– You can also encrypt any type of container field, even containers that store a reference only. Note that for those containers only the reference is encrypted, not the original. This applies to all reference pictures and QuickTime movies.
Container data consists of several streams. Each stream is converted to base64 and this text is then encrypted. The text is formatted like this:
<TROI_BINARY_CONTAINER10><number of streams>
<length stream1><stream1 data>
<length stream2><stream2 data>
<length stream3><stream3 data>
Encr_EncryptRijndaelAES ( "-Unused" ; "mypassword" ; "mySecretTexts" )
This will give this result (or similar, as the encrypted text is different every time):
In a database you have defined a text field named “patientData” which contains illness data. Then define a calculation field:
encryptedDataCalc calculation Unstored = Encr_EncryptRijndaelAES ( "-Unused" ; gPasswordField ; patientData )
The calculation field will contain the encrypted text.
Set Field [ secretField ; Encr_EncryptRijndaelAES ( "-AddSaltInfo" ; gEncryptionPassword ; textField ) ]
this will result in:
The last part contains the so-called Salt, which was used to change the encryption result. NOTE: Normally it is not necessary to know about Salt, IVs and derived Keys to use this function. If you want to decrypt the data on a non-FileMaker system it might be useful.
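The key-derivation step described above (UTF-8 encoded password, 20 byte salt, PBKDF2 producing the key and IV, PKCS7 padding), as an added Python example that is not Troi's code. The iteration count, the HMAC-SHA1 hash and the key-then-IV split are assumptions, because the page does not state them; the constructed passwords show that two Unicode forms of the same visible password give different UTF-8 bytes and therefore different keys.

```python
import hashlib
import os
import unicodedata

SALT_LEN = 20        # from the page: 20 byte salt
IV_LEN = 16          # from the page: 16 byte IV
ITERATIONS = 10_000  # ASSUMPTION: iteration count is not stated on the page
PRF = "sha1"         # ASSUMPTION: PBKDF2 hash is not stated on the page


def password_bytes(password: str) -> bytes:
    """UTF-8 encode the password before key derivation, as the page describes."""
    return password.encode("utf-8")


def derive_key_iv(password: str, salt: bytes, key_size_bits: int = 256):
    """Return (key, iv) derived with PBKDF2 from the password and a 20 byte salt.

    ASSUMPTION: key and IV come from one PBKDF2 output, key bytes first.
    """
    if key_size_bits not in (128, 256):
        raise ValueError("key size must be 128 or 256")
    if not password:
        raise ValueError("no password was given")
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be 20 bytes")
    key_len = key_size_bits // 8
    material = hashlib.pbkdf2_hmac(PRF, password_bytes(password), salt,
                                   ITERATIONS, dklen=key_len + IV_LEN)
    return material[:key_len], material[key_len:]


def pkcs7_pad(data: bytes, block: int = 16) -> bytes:
    """PKCS7: always append 1..block bytes, each holding the pad length."""
    n = block - len(data) % block
    return data + bytes([n]) * n


if __name__ == "__main__":
    nfc = "espa\u00f1a"                        # constructed: precomposed n-tilde
    nfd = unicodedata.normalize("NFD", nfc)   # constructed: n + combining tilde
    print(password_bytes(nfc).hex(), password_bytes(nfd).hex())
    salt = os.urandom(SALT_LEN)               # fresh salt per encryption
    key, iv = derive_key_iv(nfc, salt)
    print(len(key), len(iv), key != derive_key_iv(nfd, salt)[0])
    # A new salt gives a new key and IV, so the same text encrypts differently.
    print(key != derive_key_iv(nfc, os.urandom(SALT_LEN))[0])
    print(pkcs7_pad(b"mySecretTexts").hex())
```

When decrypting on another system, normalize the password to the same Unicode form that was used at encryption time before deriving the key.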