After talking with the maintainer of sqlcipher, I'm now using the v2beta
branch, which provides an sqlcipher_export function, making my life much
easier. I'm exposing this function to python-sqlcipher (the bindings),
and then making use of it within Zeitgeist. Basically, this allows us to
attach an unencrypted db to an encrypted db with a simple subroutine
call, rather than having to specify the entire schema manually. Someone
could start packaging this, I believe that most of the packaging for
sqlcipher has been done.
You received this bug notification because you are a member of Zeitgeist
Framework Team, which is subscribed to Zeitgeist Framework.
Encryption of database
Status in Zeitgeist Framework:
I think that Zeitgeist should encrypt databases in
~/.local/share/zeitgeist/* for anti-forensics reasons.
While someone may happen to use an encrypted disk, Zeitgeist may serve
as the ultimate accidental spyware to an unsuspecting user. One
possible mitigation is to randomly generate a reasonable key, tie it
into the login keychain and then use that key with something like
http://sqlcipher.net/ rather than straight sqlite.
In theory, a user will never know that this encryption/decryption is
happening - no underlying assumptions about the disk need to be made
to maintain any security guarantees. This should prevent anyone from
learning the contents of the database without also learning the login
password. Modern Ubuntu machines disallow non-root ptracing (
and if the gnome keyring is locked, an attacker would have a much
harder time grabbing meaningful Zeitgeist data without interacting
with the user or bruteforcing the login keychain.
To manage notifications about this bug go to:
Mailing list: https://launchpad.net/~zeitgeist
Post to : firstname.lastname@example.org
Unsubscribe : https://launchpad.net/~zeitgeist
More help : https://help.launchpad.net/ListHelp