views:

725

answers:

7

I'm developing a application that needs storing secrets in a database.

I need a portable database (like Firebird, Sqlite, etc) where the data will be stored encrypted or password protected or both...

Let's take as example that I want create a password manager. I will need store that passwords in a database. I'm accustomed to use Embed Firebird, but not for secret data.

Another solution is to use the database naturally and encrypt the database file when I'm not connected to file, but I'm not sure of the security or performance implications.

What the best method that you recommend?

+1  A: 

Honestly? Use TrueCrypt or KeePass.

CJM
Voted down? WTF? It is the perfect answer to the *original* question.
CJM
It wasn't me. I voted you up again, I myself use Keepass for another tasks ;-)
Click Ok
Lol - thanks.I actually use Keepass with in a TrueCrypt volume. My U3 device doesn't work on Server 2008 and U3 isn't really that secure anyway.
CJM
+4  A: 

There is a project called sqlite-crypt. Which should be your best bet. sqlite db with all data on disk encrypted.

Infamy
unfortunately it's not free...
ILya
+1  A: 

I agree with CJM, but if you're dead-set on writing your own, you should encrypt the stream at write-time and decrypt it at read-time. Any published algorithm that's somewhat strong should keep things secure.

psykotedy
+2  A: 

REALbasic's built-in support for working with encrypted SQLite databases has worked well for me on a couple of projects.

Paul Lefebvre
+3  A: 

You could also have a look at SQL Server Compact edition, which only requires a DLL and will store the data in a single file, just like SQLite or Access, Firebird, etc.

It also has encryption capabilities built-in.

Some references:

Password encryption

See my answer to your other question os SO.

Renaud Bompuis
+2  A: 

I highly recommend you check out SQLCipher (full-disclosure, I'm one of the developers!) It's a free and open-source implementation of transparent, page-level encryption for SQLite. The implementation is fairly robust, it's under active development, and it's very easy to use (relatively speaking).

Billy Gray
It's nearly some kind of dark magic to get windows binaries of it... No documentation how to build on windows except two strings of text. When you follow them you'll see that it can't be cross-compilled.
ILya
I believe we got you all straightened out on the google group, yes? For anybody else looking for help compiling windows binaries, there's a lot of info and tips published in: http://groups.google.com/group/sqlcipher
Billy Gray
A: 

Can i use SQLCipher on Symbian platform?? If yes, then please guide me!! I could not find any relevant information on internet.

vev
Hi Vev, I haven't tried building SQLCipher for Symbian, but we do have a mailing list where people discuss how to build it for various platforms, you might ask there:http://groups.google.com/group/sqlcipher
Billy Gray