Portable database for storing secrets

2019-04-10 06:24发布

站内问答 / 后端开发
1243 7 6

I'm developing a application that needs storing secrets in a database.

I need a portable database (like Firebird, Sqlite, etc) where the data will be stored encrypted or password protected or both...

Let's take as example that I want create a password manager. I will need store that passwords in a database. I'm accustomed to use Embed Firebird, but not for secret data.

Another solution is to use the database naturally and encrypt the database file when I'm not connected to file, but I'm not sure of the security or performance implications.

What the best method that you recommend?

7条回答
爱情/是我丢掉的垃圾
2楼-- · 2019-04-10 06:51

Honestly? Use TrueCrypt or KeePass.

查看更多
0人赞 添加讨论(0) 举报
相关推荐>>
3楼-- · 2019-04-10 06:51

I highly recommend you check out SQLCipher (full-disclosure, I'm one of the developers!) It's a free and open-source implementation of transparent, page-level encryption for SQLite. The implementation is fairly robust, it's under active development, and it's very easy to use (relatively speaking).

查看更多
0人赞 添加讨论(0) 举报
Explosion°爆炸
4楼-- · 2019-04-10 06:57

You could also have a look at SQL Server Compact edition, which only requires a DLL and will store the data in a single file, just like SQLite or Access, Firebird, etc.

It also has encryption capabilities built-in.

Some references:

Password encryption

See my answer to your other question os SO.

查看更多
0人赞 添加讨论(0) 举报
Summer. ? 凉城
5楼-- · 2019-04-10 07:01

There is a project called sqlite-crypt. Which should be your best bet. sqlite db with all data on disk encrypted.

查看更多
0人赞 添加讨论(0) 举报
混吃等死
6楼-- · 2019-04-10 07:08

I second the suggestion to use KeePass. It's a great store for sensitive data and exposes a pretty good API. Here's an example of how to read a standard Keypass 2 database:

var dbpath = @"C:\path\to\passwords.kdbx";
var masterpw = "Your$uper$tr0ngMst3rP@ssw0rd";

var ioConnInfo = new IOConnectionInfo { Path = dbpath };
var compKey = new CompositeKey();
compKey.AddUserKey(new KcpPassword(masterpw));

var db = new KeePassLib.PwDatabase();
db.Open(ioConnInfo, compKey, null);

var kpdata = from entry in db.RootGroup.GetEntries(true)
                select new
                {
                    Group = entry.ParentGroup.Name,
                    Title = entry.Strings.ReadSafe("Title"),
                    Username = entry.Strings.ReadSafe("UserName"),
                    Password = entry.Strings.ReadSafe("Password"),
                    URL = entry.Strings.ReadSafe("URL"),
                    Notes = entry.Strings.ReadSafe("Notes")

                };                                      
db.Close();
查看更多
0人赞 添加讨论(0) 举报
Explosion°爆炸
7楼-- · 2019-04-10 07:12

I agree with CJM, but if you're dead-set on writing your own, you should encrypt the stream at write-time and decrypt it at read-time. Any published algorithm that's somewhat strong should keep things secure.

查看更多
0人赞 添加讨论(0) 举报
1 2 下一页
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)