Hello ajm, Monday, August 20, 2007, 8:20:37 AM, you wrote:
azc> Hi all: azc> I'm writing an application that uses SQLite to store user's azc> data, and need a library to crypt some stuff, including passwords azc> and data. The goal is to crypt before insert and decript after azc> extract tha data, so this last can't be seen by others who gain azc> access to the SQLite dataBase. The application don't need military security level :-) azc> I have been reading about Blowfish, but it seem that it encrypts azc> data in 8-byte blocks, and I suppose that it need pad the data to azc> 8-byte round, who might cause some headache. azc> The ideal is some freeware library although commercial products azc> can also be considered. Of course the final product must be azc> commercially distributable without patent issues. azc> Any advice in this matter would be grateful azc> A.J.Millan I use OpenSSL with AES to encrypt specific fields. You do have to pad, at least with AES. If you're just encrypting strings the padding won't matter as long as you include the null terminator in the encrypted data. When it decrypts, you'll still end up with a null terminated string. You save the encrypted data as blobs though, you could text encode them and save them as strings if you wanted too. You MAY want to CRC the strings and include the CRC in the blob so, you know whether the decrypt worked properly. I'm planning on buying the crypto-version of SQLite too but, that part of my project is sidelined at the moment. The benefit of the crypto-sqlite is that users can't even see the tables or schema so, you're really protected. I don't want the schema visible so, my competitors can't see what I'm doing. Keep in mind, if the password for the DB is hard-coded into the program then anyone can get at it. -- Best regards, Teg mailto:[EMAIL PROTECTED] ----------------------------------------------------------------------------- To unsubscribe, send email to [EMAIL PROTECTED] -----------------------------------------------------------------------------
