Encrypt field data
The FileMaker Platform provides these functions to encrypt and decrypt data using a specified key:
- CryptEncryptBase64: Accepts text or container data and returns encrypted, Base64-encoded text.
- CryptDecryptBase64: Accepts Base64-encoded text encrypted by CryptEncryptBase64 and returns decrypted data as the same type (text or container data) as before it was encrypted.
If you need more control over how the encrypted data is encoded and formatted, you can use the CryptEncrypt and CryptDecrypt functions. See FileMaker Pro Help.
Important: These functions have no direct connection to the security schema of a FileMaker Pro file (accounts, privilege sets, extended privileges). Therefore, the security of your data depends on how you use these functions in your custom app.
As a developer, consider how to manage keys securely:
- Creation: Best practices for key creation (or generation) include at least these elements: key length, complexity, and entropy.
- Storage: Store keys securely and separately from the data they decrypt.
- Retention: Keys must be available for as long as the encrypted data is available. For example, backups are unusable if the keys are unavailable.
- Destruction: Depending on how you use these functions, if a key is destroyed, the data it encrypted is effectively destroyed, because the data can't be decrypted without the key.
One application of these functions is to protect the confidentiality of data in a field (also known as field-level encryption). However, this level of encryption doesn't replace encryption at rest, which protects the entire file (including backups) from tampering. See Encrypt a custom app.
Also consider:
- Attempting to decrypt data that is already decrypted can destroy the data. Instead, use a separate flag to indicate whether data is encrypted and decrypt the data only when needed.
- When the contents of a field are encrypted, subsequently decrypted, and then reencrypted, the encrypted values will be different each time.
- If the key is compromised, you need to be able to locate all the records with encrypted data so that they may be decrypted with the compromised key and reencrypted with a new key.
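
One way to script the flag and key-rotation points above, shown as an added example that is not part of the FileMaker documentation. The Customer table, its TaxID, IsEncrypted and KeyVersion fields, and the JSON parameter names are hypothetical; KeyVersion is assumed to be a number field set whenever a record is encrypted.

```filemaker
# Added example. Customer, TaxID, IsEncrypted, KeyVersion and the JSON
# parameter names are hypothetical. Keys arrive in the script parameter,
# so they are not stored in the file with the data they decrypt.
Set Error Capture [ On ]
Set Variable [ $p ; Value: Get ( ScriptParameter ) ]
Set Variable [ $oldKey ; Value: JSONGetElement ( $p ; "oldKey" ) ]
Set Variable [ $newKey ; Value: JSONGetElement ( $p ; "newKey" ) ]
Set Variable [ $newVersion ; Value: JSONGetElement ( $p ; "newVersion" ) ]
If [ IsEmpty ( $oldKey ) or IsEmpty ( $newKey ) or IsEmpty ( $newVersion ) ]
    Exit Script [ Text Result: "missing parameter" ]
End If
# Locate only records flagged as encrypted under an earlier key version.
Go to Layout [ "Customer" (Customer) ]
Enter Find Mode [ Pause: Off ]
Set Field [ Customer::IsEncrypted ; 1 ]
Set Field [ Customer::KeyVersion ; "<" & $newVersion ]
Perform Find [ ]
Set Variable [ $err ; Value: Get ( LastError ) ]
If [ $err ≠ 0 ]
    # Error 401 means no records match the request.
    Exit Script [ Text Result: "find error " & $err ]
End If
Set Variable [ $skipped ; Value: 0 ]
Go to Record/Request/Page [ First ]
Loop
    Set Variable [ $plain ; Value: CryptDecryptBase64 ( Customer::TaxID ; $oldKey ) ]
    Set Variable [ $cipher ; Value: CryptEncryptBase64 ( $plain ; $newKey ) ]
    # Assumption: a failed decryption yields an empty result or "?".
    # Write only if the new ciphertext round-trips to the same plaintext.
    If [ not IsEmpty ( $plain ) and $plain ≠ "?" and Exact ( CryptDecryptBase64 ( $cipher ; $newKey ) ; $plain ) ]
        Set Field [ Customer::TaxID ; $cipher ]
        Set Field [ Customer::KeyVersion ; $newVersion ]
        Commit Records/Requests [ With dialog: Off ]
    Else
        # Leave the record untouched so it can be reviewed by hand.
        Set Variable [ $skipped ; Value: $skipped + 1 ]
    End If
    Go to Record/Request/Page [ Next ; Exit after last: On ]
End Loop
Exit Script [ Text Result: "skipped: " & $skipped ]
```

Skipped records keep their old KeyVersion, so a later find on that field lists exactly the records that still depend on the compromised key.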