Firebird Encryption Plugin Framework

Purchase & Download


  • Firebird Encryption Plugin Framework (Unlimited) BRL$ 10000
  • Firebird Encryption Plugin Framework (Unlimited+Consulting) BRL$ 12000
Firebird Encryption Plugin Framework is the fast and easy way to add transparent and strong (AES256, Windows Crypto API, etc) encryption for Firebird databases:
  • Pre-built binaries for Firebird 3.0.3+ and Firebird 4.0.x, Windows 32/64 and Linux 32/64
  • Gbak.exe with encryption of databases and backups.
  • Decrypt tool for recovery of corrupted encrypted databases (requires FirstAID)
  • Full sources included
  • Unlimited license for redistribution with all business applications of your company
  • Detailed examples of the implementation in Delphi, PHP, etc
  • (Optional) Implementation support - our engineers will help you to implement and integrate encryption
  • (Optional) SQL development tool with the encryption support

Firebird Encryption Plugin Framework

Firebird 3.0 has introduced the ability to encrypt databases to protect sensitive data from the unauthorized access and prevent the direct work with the databases: only designated applications should be able to work with encrypted databases. 
Download Firebird Encryption Plugin demo It also important to keep the ability to work with the encrypted Firebird databases in the trusted environment - i.e., developer and system administrator should have transparent access to the databases through their favorite development and administrator tools.
To provide the high level of the protection, each application should have the custom implementation of an encryption, and that's why we have created Firebird Encryption Plugin Framework – source code and implementation guidance to implement Firebird encryption. 
FEPF uses AES256 cryptography to encrypt data on the page level (other cryptography methods can be implemented). The plugin encrypts only users' data: records, BLOBs, indices keys, sources of stored procedures and triggers. Firebird system pages (pointer, transactions, etc) are not encrypted to increase performance. Encryption and decryption do not require an exclusive access to the database: end-user applications can work with the database while the database is encrypted or decrypted.

How to implement Firebird database encryption

There are 2 phases in the implementation process: database phase and end-user application

Database phase

  1. Copy plugin files (and, if necessary, firebird.conf and KeyHolder.conf) to Firebird folder
  2. Generate keys  - you can generate as many keys as needed (if necessary)
  3. Encrypt database with the command «alter database encrypt with key KEYNAME» (in isql.exe or in your application) 
  4. Check that gbak, gfix, isql work with the encrypted database.
After this phase the database is encrypted, all users and standard applications are working as usual, without modification: Firebird transparently retrieves keys from KeyHolder.conf.

Some customers can be satisfied with this implementation or amend plugin (KeyHolder.dll) to retrieve keys from the more secure place than KeyHolder.conf (for example, use DPAPI or other mechanisms).
The protection scheme should be individual, don't hesitate to contact our support to discuss various options.

End-user application

  1. Embed into the end-user application the code to initialize encrypted connection and transfer of keys. There are examples for Delphi, PHP, .NET, Java available (by request).
  2. Remove KeyHolder.conf from the test server, and restart Firebird
  3. Test the following
    • end-user application is able to work with the encrypted database
    • standard Firebird tools and development tools do not have access to the encrypted database
    • gbak with encryption support creates encrypted backups
  4. End-user applications are ready for deployment
Please contact us with any questions:


The unlimited license allows unlimited redistribution of encryption plugins to third-party organizations, bundled with your business applications. Firebird Encryption Plugin Framework includes full sources for the plugin and implementation technical support for the single application.

Technical information.

Encryption Plugin Framework requires Firebird 3.0.3+. It supports Windows and Linux, 32bit and 64bit.
To build custom binaries, you will need Visual Studio 2010 - it is the official build machine for Firebird 3, so plugins also should be built with it.