Here's the thing: in my Qt 4.6 project, I use a SQLite database. This database shouldn't be unencrypted on my hard drive. So I want the user to be asked, on every start of my program, to enter a password to decrypt the database. Of course the database should never appear "in clear" (not encrypted) on my hard drive.
So is there any possibility to decrypt a SQLite database "on the fly" and read and write data? Which algorithm is best here (maybe AES)?
If it's not possible (or very slow), maybe it's better to encrypt every string in the database and decrypt the string when the password is right (so that a user could open the database, but has no clue what all the entries could mean)?

+1  A: 

The best way I can think of is to use FUSE - "filesystems in user-land" - available for Linux, Mac OS X and other systems, or a different encrypted file system. This will make SQLite see it as unencrypted while being physically encrypted on the disk. By playing with the permissions you can make sure people cannot access the unencrypted file system.

I'm not sure if SQLite has a way to override the low-level read/write routines which will allow you to implement the encryption on the fly without filesystem games. At least I never needed to do that. You may wish to search for such a feature request and file one if it's not in the SQLite issue tracker.

Shlomi Fish
+7  A: 

There is no built-in support; that being said, you do have options.

1) You can encrypt/decrypt all of your strings yourself, but this is a lot of work, is not transparent, and won't allow you to do things like searching in the database.

2) SQLiteCrypt and SQLCipher do what you're looking for.

You can use them almost entirely transparently, and typically they are said to have only about 5% overhead compared to no encryption.

Brian R. Bondy
But when I use a different API, I don't have the "usability" of Qt and SQLite anymore, right?
Berschi
@Berschi: You would probably have to rebuild the sqlite component in Qt but they provide the source for needs like this. I think trying to use one of these components will be your best bet.
Brian R. Bondy
You should be able to use the sqlite driver and compile it against the sqlite that is provided by SQLiteCrypt or SQLCipher. You could probably embed some of the password facility in the connection string, or extend the driver class and call the driver directly for the extended functions.
Harald Scheirich
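An added example (not part of the thread or any poster's code) that checks what stock SQLite can read from the file on disk without a password, comparing option 1 (per-string encryption) with whole-file encryption. The `patients` table, the helper names, and the random bytes standing in for ciphertext and for an encrypted file are assumptions for illustration.

```python
import os
import sqlite3
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"  # 16-byte header of every plaintext SQLite file


def has_plaintext_header(path):
    """True if the file starts with the standard, unencrypted SQLite header."""
    with open(path, "rb") as fh:
        return fh.read(16) == SQLITE_MAGIC


def readable_without_key(path):
    """Return {table: row_count} readable with stock SQLite, or None if unreadable."""
    con = sqlite3.connect(path)
    try:
        names = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        return {n: con.execute(f'SELECT COUNT(*) FROM "{n}"').fetchone()[0]
                for n in names}
    except sqlite3.DatabaseError:  # raised as "file is not a database"
        return None
    finally:
        con.close()


def make_field_encrypted(path):
    """Option 1: ordinary SQLite file, only the string column holds ciphertext."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE patients (id INTEGER PRIMARY KEY, name_enc BLOB)")
    # Constructed rows: os.urandom stands in for application-encrypted strings.
    con.executemany("INSERT INTO patients (name_enc) VALUES (?)",
                    [(os.urandom(32),) for _ in range(3)])
    con.commit()
    con.close()


def make_whole_file_stand_in(path):
    """Option 2 stand-in: random bytes, not real SQLCipher output (assumption)."""
    with open(path, "wb") as fh:
        fh.write(os.urandom(4096))


def demo():
    with tempfile.TemporaryDirectory() as d:
        a, b = os.path.join(d, "fields.db"), os.path.join(d, "whole.db")
        make_field_encrypted(a)
        make_whole_file_stand_in(b)
        return {label: (has_plaintext_header(p), readable_without_key(p))
                for label, p in (("fields", a), ("whole", b))}
```

Running `has_plaintext_header` and `readable_without_key` against the real database file after switching to an encrypting build is a quick way to confirm that nothing is stored in clear.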
+2  A: 

I would suggest using a library that does this for you, rather than building in your own encryption.

http://www.hwaci.com/sw/sqlite/see.html or http://sqlite-crypt.com/documentation.htm

Use your favorite search engine for some alternatives.

Stephen