On 02/19/2011 03:40 PM, Robert Hairgrove wrote:
> But before I "try this at home", I thought I would ask if there are any
> caveats I should be aware of? Thanks for any helpful advice!

Unless your time has no value, I'd suggest using this:

http://www.hwaci.com/sw/sqlite/see.html

(Note that it is supported, tested and cryptographically sound. It would take you a long time to achieve the same.)

If you just want whole file encryption then I'd recommend using an archive tool and storing/extracting as appropriate. For example 7zip does this well and is open source.

If you really want to do your own thing then beware that the encryption key has to be where the data is encrypted/decrypted. You should carefully study exactly what it is you are protecting, who you are protecting it from, how long it is protected etc. These can help:

http://www.schneier.com/paper-attacktrees-ddj-ft.html

If you really do still want to proceed then xRead/xWrite are an appropriate place to do it. However your scheme already suffers one weakness:

http://en.wikipedia.org/wiki/Initialization_vector

Anyone can design a scheme they themselves cannot break. It requires far more skill and experience to come up with something that is actually strong.

Also consider that what you may actually need is just some obfuscation. For example you could just XOR the database contents with deterministic bytes. If you did this then seeing the contents would go from costing a few dollars (load the file into the command line shell) into a few hundred or thousand (figure out what it is you did).

In any event an attacker could always point a gun or use a hardware keylogger if they don't want to be discovered. That would work around any encryption scheme.

Roger
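
The initialization-vector point above, as an added example that is not part of the original message or of SQLite: it compares page encryption with no IV against a fresh IV per page write. The original poster's scheme is not shown in this message, so the function names, the page size and the HMAC-SHA256 counter keystream (a stand-in cipher) are all assumptions made for the demonstration.

```python
import hashlib
import hmac
import os

PAGE_SIZE = 1024  # constructed demo page size
IV_LEN = 16

def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stand-in stream cipher for this demo only.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def write_page_fixed(key: bytes, page: bytes) -> bytes:
    # Weak: no IV, so every page and every rewrite reuses one keystream.
    return xor(page, keystream(key, b"", len(page)))

def write_page_with_iv(key: bytes, page_no: int, page: bytes) -> bytes:
    # Fresh random IV per write, bound to the page number, stored with the page.
    iv = os.urandom(IV_LEN)
    return iv + xor(page, keystream(key, page_no.to_bytes(8, "big") + iv, len(page)))

def read_page_with_iv(key: bytes, page_no: int, blob: bytes) -> bytes:
    iv, body = blob[:IV_LEN], blob[IV_LEN:]
    return xor(body, keystream(key, page_no.to_bytes(8, "big") + iv, len(body)))

def demo() -> dict:
    key = os.urandom(32)
    # Constructed sample pages: identical except for the second half.
    p1 = b"A" * PAGE_SIZE
    p2 = b"A" * 512 + b"B" * 512
    f1, f2 = write_page_fixed(key, p1), write_page_fixed(key, p2)
    v1, v2 = write_page_with_iv(key, 1, p1), write_page_with_iv(key, 2, p2)
    return {
        # Without the key, ciphertext XOR equals plaintext XOR: structure leaks.
        "fixed_leaks_xor": xor(f1, f2) == xor(p1, p2),
        "fixed_repeats": write_page_fixed(key, p1) == f1,
        "iv_leaks_xor": xor(v1[IV_LEN:], v2[IV_LEN:]) == xor(p1, p2),
        "iv_repeats": write_page_with_iv(key, 1, p1) == v1,
        "iv_round_trip": read_page_with_iv(key, 1, v1) == p1,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Neither variant authenticates the page, so a modified page still decrypts without error; detecting tampering needs a MAC or an AEAD mode on top.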