On 22 Feb 2011, at 22:03, H. Phil Duby wrote: > On Tue, Feb 22, 2011 at 9:07 AM, Philip Graham Willoughby > <phil.willoug...@strawberrycat.com> wrote: >> >> On 22 Feb 2011, at 15:41, Max Vlasov wrote: >>> The obvious solution is public-key cryptography. The question is about >>> different ways how it could be implemented with sqlite. The requirement for >>> this system is that it should operate in two modes: >>> - insert-only when no reading operation is used. This mode uses public key >>> to store the data >>> - full-mode when the private key is supplied and any operation is possible. >> >> It might work, but it wouldn't be quick. Public-key cryptography is very >> slow. There are benchmarks on this page >> (http://www.cryptopp.com/benchmarks.html) but most of what you need to know >> is in the choice of scale: AES and other shared key systems are in >> cycles-per-byte and RSA/friends are in megacycles-per-operation. > > The simple answer to 'public-key' cryptography is very slow', so to > not encrypt the complete text. Instead you generate a random key for > one of the good [and fast] symmetric encryption implementations, > encrypt the complete text with that, and encrypt only the symmetric > key using public-key encryption.
Indeed; I had interpreted the OPs scenario as logging short snippets (e.g. single syslog entry size), in which case the data is probably short enough to be encrypted in a single RSA operation and nothing is gained (indeed time is lost and space wasted) by using a secondary symmetric key. I should have stated that assumption; apologies all. Best Regards, Phil Willoughby -- Managing Director, StrawberryCat Limited StrawberryCat Limited is registered in England and Wales with Company No. 7234809. The registered office address of StrawberryCat Limited is: 107 Morgan Le Fay Drive Eastleigh SO53 4JH _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
