2

For a small C++/Qt-application I would like to store data crypted in an SQLite-database with SQLCipher-extension.

The key, which was used to crypt the database, has to be known by the C++/Qt-application, e.g.:

...
q.exec("PRAGMA key = 'mysecretkey';");
...

As this string in the binary file is easily readable using a hex-editor, I wrote a small method which creates the key from a hash-value at runtime:

...
q.exec("PRAGMA key='" + getKey().toHex() + "';");
...


QByteArray getKey() {
    ...
}

With this method the key is no longer part of the binary file, but still exists in the RAM at the time of executing the method which queries the database. When the method is finished, the key is also no longer visible in the RAM.

Can you help with an idea how to avoid the key being visible in the RAM? Or do you recommend a totally different way on the basis of C++/Qt and SQLite/SQLCipher-database to solve the problem of hiding the key properly?

Amendment: The program shall enable the user to check whether a search term is part of the database or not. But the user shall not be allowed to see the database in full.

Woodpecker
  • 117
  • 1
  • 5
  • 2
    Somehow, this sort of key will ALWAYS have to be present SOMEWHERE in the system at some point - the only solution that doesn't somehow require that is to move the decryption to a network-based service (where the server at the other end of the network connection is the only place the key is stored). You can use simple encryption/encoding [like hex-encoding and transposing bits], but it will eventually exist somewhere. – Mats Petersson Apr 04 '15 at 17:40
  • 3
    An attacker that can read the key from memory can also read the decrypted data from memory. – CL. Apr 04 '15 at 17:56
  • 1
    This doesn't seem to make sense. Surely anyone authorized to read the RAM is also authorized to have the key. If you only give the key to those authorized to have it, there's no issue. And why would you ever give the key to someone not authorized to have it? If the application needs to know the key, that must mean anyone authorized to have/use the application is also authorized to have/use the key? Right? If not, why does the application have the key? – David Schwartz Apr 04 '15 at 20:18
  • Somebody that has/uses the application may only search for single records, but is not allowed to see the database in full. Therefore I thought to crypt the database and to give th key to the application. – Woodpecker Apr 04 '15 at 22:29

1 Answers1

1

When you use a single system for that application, you are most probably running the application on your localhost. The key will eventually be present in the memory only, irrespective of the fact that you use any number of Encryption algorithm. You can also use a completely different approach, which I really recommend is- Use of Negative Database Concept.

"A negative database is a kind of database that contains huge amount of data consisting of simulating data. When anyone tries to get access to such databases both the actual and the negative data sets will be retrieved even if they steal the entire database. For example instead of storing just the personal details you store personal details that members don't have."

This will keep your data secure, even at the backend.

upaang saxena
  • 779
  • 1
  • 6
  • 18
  • Though I appreciate that there is unlikely to be a practical answer to this question, as noted by @CL.'s comment, it should be pointed out that security through obfuscation is not security. – cmannett85 Apr 04 '15 at 20:07
  • 1
    But Negative Database provides an extra layer of security and it helps us making the DB more secure. It is used in Banking Industry and also in Health Care Industry. – upaang saxena Apr 04 '15 at 22:41
  • I agree that security through obfuscation is not really security, but I find the negative database concept to be an additional interesting way to make it more difficult to gain useable data. – Woodpecker Apr 04 '15 at 22:44
  • Its not recommended for normal data @ Woodpecker, but if you want to make the data really secure, this is very useful :) I tried it on PostGres and Cassandra as well. It does'nt gives that bad results. – upaang saxena Apr 04 '15 at 22:46