Strengthening Data Security: Certifying Uniface Applications for Robust Tamper Detection
Author: Anastasios Chatziioannou, Sr. Software Engineer,
_____________
You’ve completed development and are ready to deploy your Uniface application. But how can you ensure it remains secure and untampered with? With our new security feature, you can now protect your resources against unauthorized modifications, safeguarding both your data and the integrity of your application. Your Uniface client or server will confirm whether the loaded resources are authentic. This ensures that your resources cannot be tampered with!
New Uniface features
We’ve introduced several enhancements to make certifying your Uniface application easier than ever. Now, with the updated , you can use the new "-encrypt" option alongside the "ENCRYPTED_PATHS" ASN section. You’ll also find a handy new utility, cert.exe, included in your Uniface installation on Windows. This utility guides you through certifying your resources and generating the private/public key pairs you need for secure deployment.
What Does Certifying Mean?
When you certify your application resources, while encrypting your paths, you authorize a specific Uniface application to use those paths. Even the slightest modification in your Uniface application will result in a fatal error, making sure that your Uniface application cannot be tampered with!
This new security feature may remind you of "Digital Signing", as seen in other software like GaraSign. Our feature includes "Digital Signing" and "Digital Signature" verification at the same time! This feature uses advanced cryptographic techniques like "Digital Signatures," based on a secure cryptography method called the Probabilistic Signature Scheme. With RSA private/public keys and a Secure Hash Algorithm, we ensure that your application is protected using the latest standards in cryptography.
How to Certify Uniface Applications
In a few simple steps, you can have your application certified and fully protected against prying eyes.
- Generate a private/public key pair with cert.exe or OpenSSL.
- Certify the resources (directories and/or UARs) using the private key.
- Transfer all your sensitive paths into an ENCRYPTED_PATHS section.
- Use the pathscrambler to encrypt your ENCRYPTED_PATHS with the public key.
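The signing primitive named above (RSA keys, a Secure Hash Algorithm, the Probabilistic Signature Scheme) can be tried with plain OpenSSL to see how a one-byte change breaks verification. This is an added illustration, not Uniface code and not the format cert.exe produces; the file names, the 2048-bit key size and the choice of SHA-256 are assumptions.

```shell
#!/bin/sh
# Added illustration: generic RSA-PSS detached signatures with OpenSSL.
# NOT the Uniface certification format. File names, key size and SHA-256
# are assumptions made for this example.

# make_keypair DIR: write DIR/private.pem (owner-only) and DIR/public.pem
make_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/private.pem" 2>/dev/null &&
    chmod 600 "$1/private.pem" &&
    openssl pkey -in "$1/private.pem" -pubout -out "$1/public.pem"
}

# sign_resource PRIVKEY FILE: write a detached PSS signature to FILE.sig
# (rsa_pss_saltlen:-1 means "salt length = digest length")
sign_resource() {
    openssl dgst -sha256 -sigopt rsa_padding_mode:pss \
        -sigopt rsa_pss_saltlen:-1 -sign "$1" -out "$2.sig" "$2"
}

# verify_resource PUBKEY FILE: exit status 0 only if FILE matches FILE.sig
verify_resource() {
    openssl dgst -sha256 -sigopt rsa_padding_mode:pss \
        -sigopt rsa_pss_saltlen:-1 -verify "$1" -signature "$2.sig" "$2" \
        >/dev/null 2>&1
}

# demo: sign a constructed sample file, verify it, append one byte,
# verify again. Echoes the two results, e.g. "ok fail".
demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed sample resource\n' > "$dir/app.uar"
    make_keypair "$dir" &&
        sign_resource "$dir/private.pem" "$dir/app.uar" || return 1
    verify_resource "$dir/public.pem" "$dir/app.uar" && before=ok || before=fail
    printf 'x' >> "$dir/app.uar"   # single-byte modification
    verify_resource "$dir/public.pem" "$dir/app.uar" && after=ok || after=fail
    rm -rf "$dir"
    echo "$before $after"
}

demo   # prints "ok fail"
```

Only the public key is needed for the verification step, which is why the private key can stay off the deployed machine.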
Tips and Tricks
- When generating a private key, it is important to keep it safe! Our tip is to store it in a secure password manager of your choice.
- Certifying Uniface applications is a Release Engineering step. You should perform the certifying after packaging your application, not during development.
- Your application may rely on usys.uar for several components or key translation tables. In this case, do not forget to certify and deploy usys.uar.
- Never certify or deploy IDE resources, like 'ide.uar'. This UAR contains development tools, not runtime tools.
- Tampering detection can only work when using an ENCRYPTED_PATHS ASN section and certifying your application. Both requirements must be met.