On 4/26/16, Mike Nicolino <mike.nicolino at centrify.com> wrote:
> Hello Everyone,
>
> We're using SQLite SEE to encrypt our databases and I was wondering if there
> is a version of SEE that is FIPS compliant/certificated?

If you will read FIPS 140-2, you will find that it has many requirements that are outside the purview of SQLite and SEE (and SQLCipher) - things such as tamper resistance and detection, key management, process isolation, etc.

FIPS 140-2 is a system-level specification. But SEE is not a system. SEE is a component part. Hence, it makes no sense to talk about SQLite and/or SEE being FIPS 140-2 compliant/certified.

Asking for FIPS 140-2 compliance/certification for SQLite/SEE is like asking for the IIHS crash test rating for your in-dash navigation system. In-dash navigation systems do not have crash test ratings. Crash test ratings only apply to complete cars.

SEE uses AES which is an FIPS 140-2 compliant algorithm. So SEE can be used within FIPS 140-2 compliant/certified systems.

>
> I'm considering a local modification to SEE to have it call the Windows APIs
> rather than doing its own encryption; has anyone tried such a thing before?
>

The cccrypt version of SEE calls the built-in CCCrypt libraries on Mac/iOS. You can probably adapt that code to invoke whatever Windows APIs you like.

Note that CCCrypt uses AES just like the default SEE module. So they are completely interoperable. You can encrypt with one and decrypt with the other. If you manage your port to Windows correctly, you can probably achieve portability there as well.

--
D. Richard Hipp
drh at sqlite.org