问题
Here's the thing:
In my Qt4.6-Project, I use a SQLite-Database. This database shouldn't be unencrypted on my harddrive. So I want, that on every start of my program, the user gets asked to enter a password to decrypt the database. Of course the database never should appear "in clear" (not encrypted) on my harddrive.
So is there any possibility to decrypt a SQLite-database "on the fly" and read and write data? What algorithm is here the best (maybe AES)?
When it's not possible (or very slow), maybe it's better to encrypt every string in the database and decrypt the string when the password was right (so that a user could open the database, but has no clue what all the entrys could mean)?
回答1:
There is no built in support, that being said you do have options.
1) You can encrypt/decrypt all of your strings yourselves, but this is a lot of work, is not transparent, and won't allow you to do things like searching in the database.
2) SQLiteCrypt and SQLCipher do what you're looking for.
You can use them almost entirely transparent and typically they are said to have only about 5% overhead compared without encryption.
回答2:
I would suggest using a library that does this for you, rather than building in your own encryption.
http://www.hwaci.com/sw/sqlite/see.html or http://sqlite-crypt.com/documentation.htm
Use your favorite search engine for some alternatives.
回答3:
The best way I can think about is to use FUSE - "filesystems in user-land" - available for Linux , Mac OS X and other systems, or a different encrypted file-system. This will make SQLite see it as unencrypted while being physically encrypted on the disk. By playing with the permissions you can make sure people cannot access the unecrypted file system.
I'm not sure if SQLite has a way to over-ride the low-level read/write routines which will allow you to implement the encryption on the fly without filesystem games. At least I never needed to do that. You may wish to search for such a feature request and file one it if it's not in the SQLite issue tracker.
回答4:
An additional option would be the SQLite encryption codec that comes with Botan 1.9.x (src/wrap/sqlite).
That option gives you the ability to customize the encryption type at compile time, including the cipher and mode.
Disclosure: I contributed the codec to Botan.
来源:https://stackoverflow.com/questions/2571620/encrypt-decrypt-sqlite-database-and-use-it-on-the-fly