Encrypting and decrypting database files

Note  This feature is available when the Use advanced tools general preference is selected. See Using advanced tools.

Encryption protects FileMaker Pro database files from unauthorized access while the files are being stored on disk. Encrypted files can be decrypted as needed.

You create an encryption password for the file, which protects the data if the file is copied or stolen. To change a file’s encryption password, you must re-encrypt the file.

Warning  Encryption passwords cannot be recovered. Do not forget the encryption password that you assign to an encrypted database file. If necessary, write it down and store it in a secure place. If you lose or forget the encryption password, you will not be able to access or change the file.

If you have a multifile custom app, encrypt all database files with the same encryption password and shared ID. When one encrypted file attempts to access another encrypted file, FileMaker Pro displays the Database Encryption Password dialog box if the files’ encryption passwords or shared IDs do not match.

When a file is decrypted, the secure or open storage of container data stored externally remains as it was before the file was decrypted. To change how the data is stored in the decrypted file, see Setting up container fields to store data externally.

Files hosted by FileMaker Cloud must be encrypted by either FileMaker Pro or FileMaker Cloud. See FileMaker Cloud Help.

To encrypt a file:

  1. Close all the database files that you are going to encrypt.

  2. Choose Tools menu > Developer Utilities.

  3. If you have used Developer Utilities on the same custom app before and saved your settings, click Load Settings, locate and select the appropriate .sav file, then click Load.

  4. Click Add, select the file or files that you want to encrypt, then click Add again.

    Encrypt files that are in a multifile custom app all at the same time.

  5. For Project Folder, click Specify to choose a location for the encrypted custom app.

  6. To rename the encrypted copy of the file, for Rename file, type a filename and click Change.

  7. To be able to quickly repeat the process, click Save Settings, and choose a folder and location for your settings file. See Saving settings for the Developer Utilities.

  8. For Solution Options, click Specify.

  9. In the Specify Solution Options dialog box, select Enable Database Encryption (or Re-encrypt files).

  10. For Shared ID, type any combination of uppercase or lowercase characters, numbers, and symbols between 1 and 32 characters.

    Important  The shared ID is case sensitive.

    Encrypted files in multifile custom apps are linked by the shared ID.

  11. FileMaker Pro only: For FileMaker Account, click Specify.

  12. FileMaker Pro only: Enter the FileMaker file account name and password for an account with Full Access privileges, then click OK.

  13. For Encryption Password, click Specify.

  14. Type an encryption password and a password hint for the files, then click OK.

    Important  The encryption password is case sensitive.

  15. By default, FileMaker Pro uses secure storage to encrypt container data that is stored externally. If you do not want to encrypt container data when you encrypt your database files, select Keep Open Storage.

    Note  You can change the secure or open storage of container data that is stored externally after you encrypt database files. See Setting up container fields to store data externally.

  16. Click OK, then click Create.

To decrypt a file:

  1. Follow steps 1-8 in "To encrypt a file," above.

  2. In the Specify Solution Options dialog box, select Remove Database Encryption.

  3. For Encryption Password, enter the current encryption password for the database files.

  4. FileMaker Pro only: For FileMaker Account, click Specify.

  5. FileMaker Pro only: Enter the FileMaker file account name and password for an account with Full Access privileges, then click OK.

  6. Click OK, then click Create.

To change the password for an encrypted file:

  1. Close all the encrypted files whose password you are going to change.

  2. Follow steps 2-15 in "To encrypt a file," above.

  3. For the Encryption Password text box at the bottom of the Specify Solution Options dialog box, enter the current encryption password for the database file or files.

    Note  The Encryption Password text box is visible only if one or more of the selected files are encrypted.

  4. Click OK, then click Create.

Notes 

  • Temporary files that are created by encrypted files are also encrypted.

  • To add a new database file to an encrypted multifile custom app, encrypt the new file with the same encryption password and shared ID as the database files in the custom app.

  • When you export records from an encrypted database file, the records are always exported to a file that is not encrypted, regardless of the export file format.