5

I have an electron app which persists data in an SQLite db stored on my machine. I have all the setup for the CRUD operations and the application works fine. Now I need to encrypt the SQLite DB file. I searched online for a solution, but all the solutions are for a pre-encrypted DB which is decrypted inside Electron.

The requirement is: the user will provide the password, which the app will use to encrypt the DB file, and going forward the user will provide the password to decrypt it and perform the CRUD operations.

Any idea how to achieve this?

P.S.: I have checked the SQLCipher docs and I didn't find what I needed. So far, I am using the sqlite3 node module to perform CRUD.

Edit 1: I tried to use the sqlite-cipher module and I was able to encrypt the db in a separate js file. But when I integrate the same with the electron ipcMain, the app closes due to high RAM consumption. Any suggestions?

Sesha
  • I know this is old but I'm facing a similar use case and I want to use the password passed by the user as the key to encrypt the database. How did you achieve it? – Oumaima Abou El Mawahib Sep 14 '21 at 17:08

2 Answers

3

If you're using SQLite, the best option is to use SQLCipher. The problem is that you will have to compile new binaries for it to work, and there are some limitations with the versions of SQLite and SQLCipher for node.

You can use this package: https://github.com/journeyapps/node-sqlcipher

or compile manually; here you have an example: https://gist.github.com/aguynamedben/14253e34bc7e0a881d99c8e45eb45a47

ajmasia
  • As of now, `journeyapps/node-sqlcipher` is a very very bad recommendation. It's unmaintained for over 2 years and broken on Macs with the Apple Silicon Chip. – tmuecksch Jun 18 '23 at 10:56
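
The user-password flow the question asks about, as an added example that is not part of the original answers: it derives a 256-bit key from the password with scrypt and formats it as SQLCipher's raw-key `PRAGMA key = "x'…'"` statement. The function names, the sidecar salt file and the scrypt cost parameters are assumptions; it uses only Node built-ins and expects a SQLCipher-enabled SQLite build to execute the statement.

```javascript
const { scryptSync, randomBytes } = require('node:crypto');
const fs = require('node:fs');

const SALT_BYTES = 16;
const KEY_BYTES = 32; // SQLCipher raw keys are 256 bits (64 hex characters)
// Assumed cost parameters; raise N as far as the target hardware tolerates.
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// The salt is not secret. It lives in a sidecar file next to the database
// (hypothetical layout) so the same password yields the same key on every launch.
function loadOrCreateSalt(saltPath) {
  try {
    const salt = fs.readFileSync(saltPath);
    if (salt.length !== SALT_BYTES) throw new Error('corrupt salt file');
    return salt;
  } catch (err) {
    if (err.code !== 'ENOENT') throw err; // only a missing file means "first run"
    const salt = randomBytes(SALT_BYTES);
    fs.writeFileSync(saltPath, salt, { mode: 0o600, flag: 'wx' });
    return salt;
  }
}

// Stretch the password into key bytes. scryptSync blocks the event loop;
// in the Electron main process prefer the async crypto.scrypt.
function deriveKey(password, salt) {
  if (typeof password !== 'string' || password.length === 0) {
    throw new TypeError('password must be a non-empty string');
  }
  // NFKC normalisation (an added choice) maps equivalent Unicode input to the same bytes.
  return scryptSync(password.normalize('NFKC'), salt, KEY_BYTES, SCRYPT);
}

// Raw-key form: only hex digits reach the SQL text, so nothing the user typed
// is spliced into the statement and quotes in the password cannot break it.
function keyPragma(key) {
  if (!Buffer.isBuffer(key) || key.length !== KEY_BYTES) {
    throw new TypeError('key must be a 32-byte Buffer');
  }
  return `PRAGMA key = "x'${key.toString('hex')}'";`;
}

// Issue keyPragma(...) as the first statement after opening the database, then
// read from sqlite_master: with a wrong password that read fails with
// "file is not a database", which is how the app detects a bad password.
```
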
-2

Encryption in an electron app is a tricky thing. This is because it can give you a false sense of security.

You might encrypt your local db, but with electron it's so easy to decrypt it back that perhaps it's not worth it at all? It's very easy to get sources of your electron app. Minification helps only a little bit, but this is not real protection.

There are many approaches you can take, but they vary depending on circumstances. The questions which need to be answered are:

  • who are you trying to protect against?
  • is security critical, or are these only basic measures so that not everyone can get data from the db at first glance?
  • does the user using the app have admin user rights on the machine?
  • are you accessing the db directly through the electron app, or is some kind of system-wide service (daemon) communicating with the db and passing results to the electron app?
  • if previous is "yes" how do you communicate the service with the electron app and how is this secured?

Take a look at source code access discussion:

https://github.com/electron/electron/issues/3041

and also check this article (especially the security part):

https://hackernoon.com/electron-the-bad-parts-2b710c491547

kmiterror
  • Hi, thanks for your reply. What you have explained is about encrypting the electron app. But my question is about encrypting the SQLite file I use with my electron app. Any ideas on that? – Sesha Apr 22 '19 at 21:35
  • 3
    All of those words and didn't even come close to actually answering the question... – TimTheEnchanter Apr 21 '20 at 20:13