Schema Source File Security

The encryption hooks provided by the schema extract and load facilities enable you to incorporate data encryption algorithms of your choice in your schema extract files. These hooks encrypt the JADE method source code in your schema extract files, enabling you to release schema extract files without making their source code easily visible.

If you extract an encrypted schema for deployment by a third‑party, ensure that you extract the encrypted schema to a location different from that of your source schema. If you subsequently load the encrypted schema (for testing purposes, for example), your method source code is lost if you load it into the same database that contains your original source files, which are not saved during the decryption process.

Example hook routines are included in the demodll.cpp demonstration file, provided in the demodll folder in the JADE examples directory. For further information if your JADE licence includes a support agreement, contact JADE Support.

When extracting method source code with encryption enabled, the following actions are performed.

  1. JADE looks in the SchemaEncryptionHookLibrary parameter in the [JadeSecurity] section of the JADE initialization file for the name of your user-defined encryption library (DLL). JADE uses a default encryption algorithm if you do not supply your own library. For details, see "JADE Security Section [JadeSecurity]", in the JADE Initialization File Reference.

  2. The compiler attempts to load the encryption library by calling LoadLibrary and gets the address of your predefined encryption hook routine by calling GetProcAddress. An error is raised if the library cannot be located in the JADE executable (binary) directory or in the current path.

  3. The source code is passed to your user-supplied encryption routine. The encryption routine can encrypt the source in any way and can change its length. For example, the encryption routine could embed an identifier at the beginning of the source to identify the type of encryption algorithm that is used.

  4. The encrypted source is written to the extract file.

When loading a schema extract file containing encrypted source code, the following actions are performed.

  1. JADE looks in the SchemaEncryptionHookLibrary parameter in the [JadeSecurity] section of the JADE initialization file for the name of your user-defined encryption library (DLL). JADE uses a default decryption algorithm if you do not supply your own library.

  2. JADE attempts to load the encryption library by calling LoadLibrary and gets the address of your predefined decryption hook routine by calling GetProcAddress. An error is raised if the library cannot be located in the JADE executable (binary) directory or in the current path.

  3. The compiler passes the encrypted source to your user-supplied decryption routine, which restores the source to its original form.

  4. The method source is compiled.

To retain confidentiality, the source code is not saved by the load process. (Any load or compile error that is raised during the load process displays only the error code and message, as the source is not available. The developer of the deployed schema must take the appropriate action, using the source of that schema.) For details about extracting and loading encrypted schemas, see "Encrypting Schema Source Files", in Chapter 10 of the JADE Development Environment User’s Guide.