Re: Securing sensitive data in a 4D data file (Chip Scheide)
No - not going to world tour.

> Chip-
>
> Any chance you are going to World Tour? You might see something of
> interest ;-).
>
> Mike
>
> Mike Beatty
> Objective Systems

Hell is other people
Jean-Paul Sartre

**
4D Internet Users Group (4D iNUG)
Archive: http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub: mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Securing sensitive data in a 4D data file (Chip Scheide)
Chip-

Any chance you are going to World Tour? You might see something of interest ;-).

Mike

Mike Beatty
Objective Systems

Re: Securing sensitive data in a 4D data file (Chip Scheide)
Thinking about this a little bit.
(BTW - I am going to use keychain to refer to both platforms' equivalent)

If the system is running client server - the keys would need to be stored (and retrieved from) the server's keychain, and this is/would be fine, as long as it was ensured that keychain was backed up AND recoverable in case of disk or other hardware failure.

However, if the system were to be merged with an engine, or simply run in 4D standalone, storing the keys in keychain would make the app not portable, and the key pair to unencrypt the data would be tied to a specific machine, and again the issue of recoverability of the keychain data comes into play.

Any thoughts?

Chip

On Mon, 1 Apr 2019 07:04:36 -0600, John DeSoi via 4D_Tech wrote:
> On the Mac one option is to script storing the private key in the
> Keychain with LAUNCH EXTERNAL PROCESS. Type "man security" in Terminal
> to see the command line interface options.
>
> John DeSoi, Ph.D.
>
>
>> On Mar 31, 2019, at 10:54 PM, Chip Scheide via 4D_Tech
>> <4d_tech@lists.4d.com> wrote:
>>
>> I was planning on keeping the keys in the data file... but I can see
>> that might be an issue.
>> Any other ideas on where/how to keep the keys, given the above?

---
Gas is for washing parts
Alcohol is for drinkin'
Nitromethane is for racing

Re: Securing sensitive data in a 4D data file (Chip Scheide)
Tom,

The 'owner' of the data is indeed the user. If they become incapacitated, or whatever, then there is no loss to anyone else.

Chip

On Mon, 1 Apr 2019 06:38:35 -0700, Tom Benedict wrote:
> Chip,
>
> Just checking to confirm that the ultimate ‘owner’ of the data is
> indeed the individual user and if they are incapacitated or lose
> their key that is OK and ‘their’ data is inaccessible forever. Or is
> there a need for a ‘master’ key?
>
> Tom Benedict
>
>> On Mar 31, 2019, at 21:54, Chip Scheide via 4D_Tech
>> <4d_tech@lists.4d.com> wrote:
>>
>> Kirk, Bruno,
>> It seems as if both of you use 1 single key pair to encrypt ALL the
>> secure data.
>> In my situation I am creating a key pair for each user, then
>> encrypting that user's secure data with their own key.
>> This way if one user accidentally, or intentionally gains access to
>> other users' secure data they can not actually unencrypt it, as
>> their key will not give them functional access.
>>
>> I was planning on keeping the keys in the data file... but I can see
>> that might be an issue.
>> Any other ideas on where/how to keep the keys, given the above?
>>
>> Chip

---
Gas is for washing parts
Alcohol is for drinkin'
Nitromethane is for racing

Re: Securing sensitive data in a 4D data file (Chip Scheide)
Chip,

Just checking to confirm that the ultimate ‘owner’ of the data is indeed the individual user and if they are incapacitated or lose their key that is OK and ‘their’ data is inaccessible forever. Or is there a need for a ‘master’ key?

Tom Benedict

> On Mar 31, 2019, at 21:54, Chip Scheide via 4D_Tech <4d_tech@lists.4d.com>
> wrote:
>
> Kirk, Bruno,
> It seems as if both of you use 1 single key pair to encrypt ALL the secure
> data.
> In my situation I am creating a key pair for each user, then encrypting that
> user's secure data with their own key.
> This way if one user accidentally, or intentionally gains access to other
> users' secure data they can not actually unencrypt it, as their key will not
> give them functional access.
>
> I was planning on keeping the keys in the data file... but I can see that
> might be an issue.
> Any other ideas on where/how to keep the keys, given the above?
>
> Chip

RE: Securing sensitive data in a 4D data file (Chip Scheide)
Windows has some support of Public Key Infrastructure. Maybe that's useful for storing keys.

Some examples using PowerShell:

To find all relevant PowerShell commands:

    Get-Command | where Source -eq pki

To list certificates:

    Get-ChildItem Cert:

List user certificates:

    Get-ChildItem Cert:\CurrentUser\

List certificates of a certain publisher:

    Get-ChildItem Cert:\CurrentUser -Recurse | where Issuer -like CN=Bundes*

More info:
* https://technet.microsoft.com/de-de/library/hh848636(v=wps.630).aspx
* https://blogs.technet.microsoft.com/scotts-it-blog/2014/12/30/working-with-certificates-in-powershell/

Regards
Lutz

Re: Securing sensitive data in a 4D data file (Chip Scheide)
Nice Idea!
I don't think Windows has an equivalent to keychain, does it?

THANKS
Chip

On Mon, 1 Apr 2019 07:04:36 -0600, John DeSoi via 4D_Tech wrote:
> On the Mac one option is to script storing the private key in the
> Keychain with LAUNCH EXTERNAL PROCESS. Type "man security" in Terminal
> to see the command line interface options.
>
> John DeSoi, Ph.D.
>
>
>> On Mar 31, 2019, at 10:54 PM, Chip Scheide via 4D_Tech
>> <4d_tech@lists.4d.com> wrote:
>>
>> I was planning on keeping the keys in the data file... but I can see
>> that might be an issue.
>> Any other ideas on where/how to keep the keys, given the above?

---
Gas is for washing parts
Alcohol is for drinkin'
Nitromethane is for racing

Re: Securing sensitive data in a 4D data file (Chip Scheide)
On the Mac one option is to script storing the private key in the Keychain with LAUNCH EXTERNAL PROCESS. Type "man security" in Terminal to see the command line interface options.

John DeSoi, Ph.D.

> On Mar 31, 2019, at 10:54 PM, Chip Scheide via 4D_Tech <4d_tech@lists.4d.com>
> wrote:
>
> I was planning on keeping the keys in the data file... but I can see that
> might be an issue.
> Any other ideas on where/how to keep the keys, given the above?
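
The Keychain approach John DeSoi suggests above, as an added example that is not part of the original thread or any poster's code: POSIX shell functions a 4D method could run through LAUNCH EXTERNAL PROCESS to store, fetch and delete one private key per user with the macOS `security` tool. The service label `KC_SERVICE`, the `kc_*` function names and the PEM file argument are assumptions.

```shell
#!/bin/sh
# Added example: one private key per user in the macOS keychain via security(1).
# KC_SERVICE and the kc_* function names are hypothetical, not from the thread.
KC_SERVICE="com.example.my4dapp.userkey"

# kc_store_key USER PEMFILE : save (or replace) USER's private key.
kc_store_key() {
    user=$1; pem=$2
    [ -r "$pem" ] || { echo "cannot read key file: $pem" >&2; return 2; }
    # Keep the multi-line PEM as one base64 line so it round-trips unchanged.
    b64=$(base64 < "$pem" | tr -d '\n') || return 1
    [ -n "$b64" ] || { echo "empty key file: $pem" >&2; return 2; }
    # -U updates an existing item instead of failing on a duplicate.
    # Caveat: a value passed with -w is visible in the process list while
    # the command runs.
    security add-generic-password -a "$user" -s "$KC_SERVICE" -w "$b64" -U
}

# kc_fetch_key USER : write USER's PEM key to stdout, non-zero if absent.
kc_fetch_key() {
    user=$1
    b64=$(security find-generic-password -a "$user" -s "$KC_SERVICE" -w 2>/dev/null) || {
        echo "no key stored for user: $user" >&2
        return 1
    }
    printf '%s' "$b64" | base64 --decode
}

# kc_delete_key USER : remove USER's item, e.g. when the account is deleted.
kc_delete_key() {
    security delete-generic-password -a "$1" -s "$KC_SERVICE" >/dev/null 2>&1
}
```

The item is written to the default keychain of the account that runs the command, so the backup and portability questions raised elsewhere in the thread apply to that keychain.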