Types of encryption used by the FileMaker Platform

The FileMaker Platform encrypts data in different ways depending on how the data is stored or transmitted. This table lists the cipher types used when the FileMaker Platform encrypts data.

Option: Account password
Cipher type: One-way hash

Option: Admin Console password
Cipher type: One-way hash

Option: Database Encryption
Cipher type: AES-256 CBC mode

Option: CryptEncrypt and CryptDecrypt functions, FileMaker custom app upgrade tool
Cipher type:

  These functions use the PBKDF2 algorithm to convert the specified key into a cryptographic key before it encrypts or decrypts data. This key encrypts data using the AES-GCM authenticated encryption algorithm at the 128-bit level. The result includes an encrypted SHA256 digest of data, which validates the data during decryption.

  The FileMaker custom app upgrade tool uses these functions to encrypt and decrypt patch files.

Option: SSL/TLS

  1. Between FileMaker Server or FileMaker Cloud and FileMaker Pro, FileMaker Go, FileMaker Web Publishing Engine, FileMaker Data API, and ODBC, JDBC, and OData-capable client applications

  2. Between Web Server and a web browser for FileMaker WebDirect and Admin Console

Cipher type:

  1. AES-256 (required by FileMaker Server)

  2. Web Server in Windows: The cipher type is controlled by Windows OS and IIS Web Server.
     Web Server in macOS: AES-256 or AES-128 (in FileMaker Server httpd configuration).

  Note

  • With SSL, the cipher mode is dependent on the host and client negotiation, so the cipher mode could be CBC or GCM (or others in the future).

  • SSL certificates that use ECC or RSA key pair verification are supported.

Option: Secure Storage of container data (with Database Encryption disabled)
Cipher type: AES-128 CBC mode

Option: Secure Storage of container data (with Database Encryption enabled)
Cipher type: AES-256 CBC mode
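
The construction described for CryptEncrypt and CryptDecrypt (PBKDF2 to derive a key, then AES-GCM at 128 bits) can be sketched in Node.js as follows. This is an added example, not FileMaker code, and it does not reproduce FileMaker's output format or its SHA256 digest. The salt size, iteration count, PBKDF2 hash, blob layout, and function names are all assumptions.

```javascript
// Added illustration only: PBKDF2 -> AES-128-GCM, with tamper detection on decrypt.
// All parameters and the blob layout are assumptions, not FileMaker's format.
const nodeCrypto = require('node:crypto');

const SALT_LEN = 16;        // assumed salt size
const IV_LEN = 12;          // 96-bit nonce, the usual size for GCM
const TAG_LEN = 16;         // 128-bit authentication tag
const ITERATIONS = 100000;  // assumed PBKDF2 iteration count
const KEY_LEN = 16;         // 16 bytes = 128-bit AES key

// Stretch the caller-supplied key/passphrase into a fixed-length AES key.
function deriveKey(passphrase, salt) {
  return nodeCrypto.pbkdf2Sync(passphrase, salt, ITERATIONS, KEY_LEN, 'sha256');
}

// Returns salt || iv || tag || ciphertext (hypothetical layout).
function encrypt(plaintext, passphrase) {
  const salt = nodeCrypto.randomBytes(SALT_LEN);
  const iv = nodeCrypto.randomBytes(IV_LEN); // fresh nonce for every message
  const cipher = nodeCrypto.createCipheriv('aes-128-gcm', deriveKey(passphrase, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]);
}

// Throws if the passphrase is wrong or any byte of the blob was altered.
function decrypt(blob, passphrase) {
  const salt = blob.subarray(0, SALT_LEN);
  const iv = blob.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = blob.subarray(SALT_LEN + IV_LEN, SALT_LEN + IV_LEN + TAG_LEN);
  const body = blob.subarray(SALT_LEN + IV_LEN + TAG_LEN);
  const decipher = nodeCrypto.createDecipheriv('aes-128-gcm', deriveKey(passphrase, salt), iv);
  decipher.setAuthTag(tag);
  // final() verifies the tag; plaintext is released only if it matches.
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// Non-throwing wrapper so callers can branch on authentication failure.
function tryDecrypt(blob, passphrase) {
  try {
    return { ok: true, text: decrypt(blob, passphrase) };
  } catch (err) {
    return { ok: false, text: null };
  }
}
```

Because GCM is authenticated, a modified blob or a wrong key fails at decryption instead of yielding garbage plaintext, which is the property that matters when the data is a patch file about to be applied.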