My application (written in C++ together with the Qt libraries) uses an in-memory database which is stored to disk using the SQLite backup API at the end of a session or at periodic intervals (i.e. auto-save functionality) and loaded from disk into the memory database at program startup.
This works fine, but I would like to offer the user the option to encrypt the database before writing it to disk. If it is encrypted, they would need to decrypt it again when it was loaded into memory (duh!) After studying the SQLite sources a bit, it seems that the easiest way to do this would be to replace the function pointers of the sqlite3_vfs struct "xRead" and "xWrite" with my own functions, similar to the way we used to "bend" interrupt routines under MS-DOS -- remember those? :) -- to point to our custom interrupt handlers. I would call sqlite3_vfs_find(NULL) to get a pointer to the default VFS, then copy that to a static object and just replace those two function pointers, then register the new VFS (do I even need to do that, or can I just plug the pointer to my static sqlite3_vfs struct into the sqlite3 object whose pointer is passed to the backup API functions?) My own code would save the original pointers and use them inside the encryption and decryption routines for doing the actual disk I/O. There are open source implementations of a variety of encryption algorithms which work on fixed block sizes; i.e. if I encrypt the entire database instead of just one page at a time (as other encryption routines seem to do), it should be exactly the same size (or perhaps just a few bytes larger due to padding) as the original file. IOW, a block of 8 bytes, when encrypted, would reside at the same offset as the original data. But before I "try this at home", I thought I would ask if there are any caveats I should be aware of? Thanks for any helpful advice! _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
