My application (written in C++ together with the Qt libraries) uses an
in-memory database which is stored to disk using the SQLite backup API
at the end of a session or at periodic intervals (i.e. auto-save
functionality) and loaded from disk into the memory database at program
startup.

This works fine, but I would like to offer the user the option to
encrypt the database before writing it to disk. If it is encrypted, they
would need to decrypt it again when it was loaded into memory (duh!)

After studying the SQLite sources a bit, it seems that the easiest way
to do this would be to replace the function pointers of the sqlite3_vfs
struct "xRead" and "xWrite" with my own functions, similar to the way we
used to "bend" interrupt routines under MS-DOS -- remember those? :) --
to point to our custom interrupt handlers. I would call
sqlite3_vfs_find(NULL) to get a pointer to the default VFS, then copy
that to a static object and just replace those two function pointers,
then register the new VFS (do I even need to do that, or can I just plug
the pointer to my static sqlite3_vfs struct into the sqlite3 object
whose pointer is passed to the backup API functions?) My own code would
save the original pointers and use them inside the encryption and
decryption routines for doing the actual disk I/O.

There are open source implementations of a variety of encryption
algorithms which work on fixed block sizes; i.e. if I encrypt the entire
database instead of just one page at a time (as other encryption
routines seem to do), it should be exactly the same size (or perhaps
just a few bytes larger due to padding) as the original file. IOW, a
block of 8 bytes, when encrypted, would reside at the same offset as the
original data.

But before I "try this at home", I thought I would ask if there are any
caveats I should be aware of? Thanks for any helpful advice!

_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users

Reply via email to