>Now my question: the routines need a key or seed for each encryption. I don't want the clerks to be entering this seed when they scan the cards. So where do I store the seed where it always available to the program? If I build it into the program presumably someone could find the source code and get it. Perhaps write a little FXP program that digs it out of the files somehow. Of course even if I lock up the source to that program someone could conceivably use a decompiler to dope it out?
>How have other folks solved this problem?
I've solved it by using another field in the record as the key, but it has to be one which is DAMN UNLIKELY to change for that record. Specific example, I encrypt passwords in my User file, and the encryption key is their Login Name as stored in the same record. (The Login Name in this database is derived from their NT Login Name, so it's pretty much going to stay with the user.) You could also use the record's surrogate primary key as the encryption key. (Or STR() or TRANSFORM() of it if it's an integer and you need a string.)
Cheers,
Rich.
Rich Addison, Micro Vane, Inc., Kalamazoo, MI
Relax, don't worry, have a homebrew.
- Charlie Papazian, The New Complete Joy of Home Brewing