Software tips, techniques, and news.

By Jeremiah Kincaid  Posted on  July 24th, 2014  in  Free Downloads, FileMaker

FileMaker Encryption With BaseElements

We here at DB Services love the BaseElements plugin. In fact we love it so much we decided to sponsor the development of HTTP POST in the plugin back at the beginning of 2012. Since then, we've used the HTTP POST functions in many web service integrations and are thankful for Goya's continued contributions to the FileMaker community with this Swiss-army-knife-esque, open-source plugin.

Just as we've needed HTTP POST many times over the years, we've also needed field-level encryption. So, as history tends to do, we repeated ourselves by sponsoring the development of the plugin again, but this time for encryption functions. The latest beta version of the BaseElements plugin (2.3 as of 4/23/2014) now includes a set of AES encryption functions that can be used to encrypt text fields in a FileMaker database.

FileMaker Encryption Functions

Where Encryption Fits

The new encryption functionality in the BaseElements plugin allows you to securely store sensitive data, such as credit card numbers and SSNs (ideally you wouldn't store this data, but if need be, encryption is an important component of PCI and HIPAA compliance). Encrypting the entire database at rest, using FileMaker Pro 13 Advanced's new file-level encryption, is also important in protecting sensitive data, but will not help you once a user has the database open. Encrypting at the field level prevents unauthorized users from accessing sensitive data in open FileMaker files, whether that be from exporting records, checking out a field value in Data Viewer, or accidentally stumbling upon a developer layout displaying the field.

If you have a FileMaker system that could benefit from a tighter security policy, contact us to discuss helping you add encryption to your system using the BaseElements plugin.

New Functions Sponsored by DB Services

  1. BE_Encrypt_AES( key ; text ). Does what it says on the tin: it encrypts a piece of text using the AES-256 bit encryption algorithm. AES is an industry-standard encryption algorithm developed by the National Institutes of Standards and Technology (NIST). The function outputs the results as a Base64-encoded string, so it can be stored in a text field.
  2. BE_Decrypt_AES( key ; text ). The opposite of encrypting, decrypting takes the encrypted string and outputs back the original piece of text. You must use the same key you used to encrypt.

A Couple Things to Note

  • Key length. From a functionality perspective, the length of the key doesn't matter: the plugin will work no matter how long the key is. My understanding is that the plugin will take whatever you pass as the key, MD5 hash it and use of first 256 bits of the hash as the real key, guaranteeing that the key is always 256 bits (AES-256 requires 256-bit keys). Despite the wonderful user-friendliness here, we strongly recommend you use a key of sufficient length and randomness, such as a UUID. The MD5 hashing doesn't increase the security of the encryption if an attacker uses the BaseElements plugin to try and guess the key.
  • Initialization vectors. People familiar with AES will no doubt wonder why the functions don't include an argument for an initialization vector (IV). The plugin doesn't support IVs at this time. IVs add an extra layer of security to the encryption, by giving different output for the same input. In other words, if you encrypt “abc” twice, you will get two different results, as long as you use two different initialization vectors. Decrypting these two different results would give back “abc” as expected. IVs protect against dictionary attacks and rainbow tables, and also slow down brute-force attacks. These are the same protections you get when you salt a password before hashing it. IVs can be thought of as salts for encryption.

If you are interested in sponsoring the plugin yourself, or donating to the cause, check out the BaseElements Plugin Donations and Sponsorship page. Nick at Goya is a pleasure to work with and is very timely in responding to questions and requests.

We hope to see more of the FileMaker community sponsoring and contributing to the BaseElements plugin. FileMaker plugins on GitHub are like custom functions on BrianDunning.com: The more plugin code available to the community, the better off the community at large will be. Open source is a rising tide that lifts all boats!

Did you know we are an authorized reseller for FileMaker Licensing?
Contact us to discuss upgrading your FileMaker software.

Download
Download the FileMaker Encryption With BaseElements File
Please complete the form below to download your FREE FileMaker file.
FileMaker Experience *
Terms of Use *
OPT-IN: I agree that I am downloading a completely free FileMaker application file with no strings attached. This file is unlocked, and I may use it for my business or organization as I see fit. Because I am downloading a free file, I agree that I should receive occasional marketing. I understand that I can OPT-OUT of these emails at anytime.
Jeremiah Kincaid thumbnail
Jeremiah Kincaid

Jeremiah is a Certified Salesforce Architect and Consultant who has been with DB Services since 2007. A Purdue University graduate, Jeremiah earned dual bachelors in Chemistry and Philosophy. His educational background and natural smarts gives him the ability to be successful both in the trenches of scripts as well as in collaboration with co-workers and clients. A rarity, indeed.

FileMaker 18 Certified Developer
FileMaker 17 Certified Developer
FileMaker 16 Certified Developer
FileMaker 15 Certified Developer
FileMaker 14 Certified Developer
FileMaker 13 Certified Developer
FileMaker 12 Certified Developer
FileMaker 11 Certified Developer
"We were actually able to add more features than we thought would be possible within our budget. We always experienced a ‘can do’ attitude and DB Services was incredibly patient and easy to work with."
Courtney Hartman
Art Director
"The new FileMaker custom website interface is very user-friendly and easy to follow for our clients. In addition, it is much faster than the old Instant Web Publishing (IWP) interface. Thank you and all the others who have helped us out at DB Services. I am very grateful for the excellent service you provide us. Its nice to know we can call you for help if we have an issue."
Wayne Capek
President
"We needed a solution that would simplify the administration of our responsibilities under our contract with the State of Indiana. We have seen a dramatic increase across the state in the number of potential foster and adoptive parents that have begun the preparation and training process. This increase has resulted in a significant opportunity for children available for adoption. That’s a big win for everyone! And it’s all because we can refer potential parents to the proper state contacts efficiently and quickly."
Chris Morrison
Executive Director
"Thank you for all of your expertise and valuable help. I am so grateful to have found DB Services."
Linda Findlay
Owner
"Thank you for our new database system. We transitioned from a carbon copy paper based system to a digital database. The software has saved us time and money. We used to archive all our jobs in cabinets, now we can look up a job in seconds from anywhere. The software allows us to easily email estimates to our customers in pdf format. In a year there was a return on investment just from eliminating the purchasing of our carbon forms."
Todd Cartmel
Owner
"The new system allows us to create and track jobs for customers along with inventory, something we had been doing with separate word and spreadsheet files. Because it’s now so intuitive, new staff members are able to begin using the database immediately without our usual training session and ‘cheat sheets’ for getting around within the file."
Tom Andrews
President