Portable database for storing secrets

views:

725

answers:

+3 Q:

Portable database for storing secrets

I'm developing a application that needs storing secrets in a database.

I need a portable database (like Firebird, Sqlite, etc) where the data will be stored encrypted or password protected or both...

Let's take as example that I want create a password manager. I will need store that passwords in a database. I'm accustomed to use Embed Firebird, but not for secret data.

Another solution is to use the database naturally and encrypt the database file when I'm not connected to file, but I'm not sure of the security or performance implications.

What the best method that you recommend?

+1 A:

Honestly? Use TrueCrypt or KeePass.

CJM 2009-02-16 23:55:55

Voted down? WTF? It is the perfect answer to the *original* question.

CJM 2009-02-18 14:52:31

It wasn't me. I voted you up again, I myself use Keepass for another tasks ;-)

Click Ok 2009-02-21 01:33:13

Lol - thanks.I actually use Keepass with in a TrueCrypt volume. My U3 device doesn't work on Server 2008 and U3 isn't really that secure anyway.

CJM 2009-02-23 10:31:46

+4 A:

There is a project called sqlite-crypt. Which should be your best bet. sqlite db with all data on disk encrypted.

Infamy 2009-02-17 00:00:54

unfortunately it's not free...

ILya 2010-03-23 14:04:44

+1 A:

I agree with CJM, but if you're dead-set on writing your own, you should encrypt the stream at write-time and decrypt it at read-time. Any published algorithm that's somewhat strong should keep things secure.

psykotedy 2009-02-17 00:01:13

+2 A:

REALbasic's built-in support for working with encrypted SQLite databases has worked well for me on a couple of projects.

Paul Lefebvre 2009-02-17 00:36:58

+3 A:

You could also have a look at SQL Server Compact edition, which only requires a DLL and will store the data in a single file, just like SQLite or Access, Firebird, etc.

It also has encryption capabilities built-in.

Some references:

Security and Encryption for SQL Server Compact
Tutorials on using SQL Server Compact Edition (second and third sections down the page).

Password encryption

See my answer to your other question os SO.

Renaud Bompuis 2009-02-17 02:54:08

+2 A:

I highly recommend you check out SQLCipher (full-disclosure, I'm one of the developers!) It's a free and open-source implementation of transparent, page-level encryption for SQLite. The implementation is fairly robust, it's under active development, and it's very easy to use (relatively speaking).

Billy Gray 2009-06-29 14:26:09

It's nearly some kind of dark magic to get windows binaries of it... No documentation how to build on windows except two strings of text. When you follow them you'll see that it can't be cross-compilled.

ILya 2010-03-23 14:07:45

I believe we got you all straightened out on the google group, yes? For anybody else looking for help compiling windows binaries, there's a lot of info and tips published in: http://groups.google.com/group/sqlcipher

Billy Gray 2010-03-31 15:30:03

Can i use SQLCipher on Symbian platform?? If yes, then please guide me!! I could not find any relevant information on internet.

vev 2009-12-04 11:29:48

Hi Vev, I haven't tried building SQLCipher for Symbian, but we do have a mailing list where people discuss how to build it for various platforms, you might ask there:http://groups.google.com/group/sqlcipher

Billy Gray 2010-03-02 14:15:22

ansaurus

tags:

views:

answers:

Portable database for storing secrets

related questions