Portable database for storing secrets

https://stackoverflow.com/questions/555076

23-08-2019
|

Question

I'm developing a application that needs storing secrets in a database.

I need a portable database (like Firebird, Sqlite, etc) where the data will be stored encrypted or password protected or both...

Let's take as example that I want create a password manager. I will need store that passwords in a database. I'm accustomed to use Embed Firebird, but not for secret data.

Another solution is to use the database naturally and encrypt the database file when I'm not connected to file, but I'm not sure of the security or performance implications.

What the best method that you recommend?

Solution

There is a project called sqlite-crypt. Which should be your best bet. sqlite db with all data on disk encrypted.

OTHER TIPS

You could also have a look at SQL Server Compact edition, which only requires a DLL and will store the data in a single file, just like SQLite or Access, Firebird, etc.

It also has encryption capabilities built-in.

Some references:

Security and Encryption for SQL Server Compact
Tutorials on using SQL Server Compact Edition (second and third sections down the page).

Password encryption

See my answer to your other question os SO.

Honestly? Use TrueCrypt or KeePass.

I agree with CJM, but if you're dead-set on writing your own, you should encrypt the stream at write-time and decrypt it at read-time. Any published algorithm that's somewhat strong should keep things secure.

REALbasic's built-in support for working with encrypted SQLite databases has worked well for me on a couple of projects.

I highly recommend you check out SQLCipher (full-disclosure, I'm one of the developers!) It's a free and open-source implementation of transparent, page-level encryption for SQLite. The implementation is fairly robust, it's under active development, and it's very easy to use (relatively speaking).

I second the suggestion to use KeePass. It's a great store for sensitive data and exposes a pretty good API. Here's an example of how to read a standard Keypass 2 database:

var dbpath = @"C:\path\to\passwords.kdbx";
var masterpw = "Your$uper$tr0ngMst3rP@ssw0rd";

var ioConnInfo = new IOConnectionInfo { Path = dbpath };
var compKey = new CompositeKey();
compKey.AddUserKey(new KcpPassword(masterpw));

var db = new KeePassLib.PwDatabase();
db.Open(ioConnInfo, compKey, null);

var kpdata = from entry in db.RootGroup.GetEntries(true)
                select new
                {
                    Group = entry.ParentGroup.Name,
                    Title = entry.Strings.ReadSafe("Title"),
                    Username = entry.Strings.ReadSafe("UserName"),
                    Password = entry.Strings.ReadSafe("Password"),
                    URL = entry.Strings.ReadSafe("URL"),
                    Notes = entry.Strings.ReadSafe("Notes")

                };                                      
db.Close();

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow