Hey,
I know we’ve been discussing this before, but with no solution. I myself think that the
store should fail to open when the passphrase is wrong, because that’s where you’d like to
have your “try .. catch ..” to handle the problem, not elsewhere, when you actually want to
read/write/delete from the store; that’s just not very user friendly.
If the answer to that is YES, then the next question is how to decide when the passphrase
is right and when it isn’t. Again, I’ll write down more ways I have in mind that would solve
this. Importantly, none of them actually stores the passphrase!
On each call of ‘open()’:
1. Do ‘readAll()’ to ensure the passphrase is right. Basically, that’s what the user has to do
now to find out if the passphrase is right.
2. Read the first row, and if the read is successful, then the passphrase is right. In this
case, we’d have to be 100% sure that there is no way to put data into the store with a
different key, and thus that all the rows are encrypted with the same passphrase.
3. Save some metadata for each data model that would be encrypted with the same
passphrase; we’d read it, and if successful, the passphrase is right. This has two
possible implementations.
   a. The first row in the data model table would be reserved for the metadata, so the
   verification would work similarly to option 2.
   b. There would be a separate table, in which we’d add a row for each data model table.
   Again, very similar to a., but without the pain of having different data in the same table.
   Also, if the implementation of SQLStore becomes multi-table (instead of multi-database,
   which it is now), there would be only one table for all the metadata.
So, what do you think?
PS: For abstractj, I’ve been trying to find any library that would do the encryption at a
high level, as AeroGear does, but couldn’t find any. There are many ways to encrypt a SQLite
database, though they take a different approach, encrypting the whole database file rather
than just the rows themselves.
—
Tadeas Kriz
tkriz(a)redhat.com
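Editor's note: the following is an added example illustrating option 3b from the message above (a separate metadata table with one row per data model, checked at open time). It is not code from this thread or from AeroGear. Everything in it is an assumption for illustration: the table name store_meta, the functions new_memory_store() and open_store(), the choice of PBKDF2-HMAC-SHA256 to stretch the passphrase, and an HMAC over a fixed label as the stored verifier. Nothing stored lets you recover the passphrase, and a wrong passphrase is rejected by open_store() rather than surfacing later as a garbled row.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Constructed parameters for this example (not AeroGear's). The KDF is deliberately
# slow: a stored verifier can be attacked offline by guessing passphrases, so each
# guess must cost the attacker as much as it costs a legitimate open().
KDF_ITERATIONS = 100_000
SALT_BYTES = 16


class WrongPassphrase(Exception):
    """Raised by open_store() so the caller's try/catch sits at open(), not at every read."""


def new_memory_store() -> sqlite3.Connection:
    """Create an empty in-memory store containing only the option-3b metadata table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE store_meta ("
        "  model TEXT PRIMARY KEY,"   # one row per data model table
        "  salt BLOB NOT NULL,"
        "  verifier BLOB NOT NULL)"
    )
    return conn


def _derive(passphrase: str, salt: bytes) -> tuple:
    """Stretch the passphrase into two keys: one to encrypt rows, one used only for the verifier."""
    material = hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, KDF_ITERATIONS, dklen=64
    )
    return material[:32], material[32:]


def _verifier(verify_key: bytes, model: str) -> bytes:
    # The stored value is an HMAC over a fixed, model-specific label, so it reveals
    # neither the passphrase nor the key that encrypts the rows.
    label = b"store-verifier:" + model.encode("utf-8")
    return hmac.new(verify_key, label, hashlib.sha256).digest()


def open_store(conn: sqlite3.Connection, passphrase: str, model: str) -> bytes:
    """Open the store for one data model and return its row-encryption key.

    First open: create the metadata row from a fresh salt. Later opens: recompute the
    verifier from the supplied passphrase and fail immediately if it does not match.
    """
    row = conn.execute(
        "SELECT salt, verifier FROM store_meta WHERE model = ?", (model,)
    ).fetchone()
    if row is None:
        salt = secrets.token_bytes(SALT_BYTES)
        enc_key, verify_key = _derive(passphrase, salt)
        conn.execute(
            "INSERT INTO store_meta VALUES (?, ?, ?)",
            (model, salt, _verifier(verify_key, model)),
        )
        conn.commit()
        return enc_key
    salt, stored = row
    enc_key, verify_key = _derive(passphrase, salt)
    # Constant-time comparison so the check itself leaks nothing about the stored value.
    if not hmac.compare_digest(stored, _verifier(verify_key, model)):
        raise WrongPassphrase(f"passphrase does not match the one used to create model {model!r}")
    return enc_key


if __name__ == "__main__":
    conn = new_memory_store()
    key = open_store(conn, "correct horse battery", "users")
    assert open_store(conn, "correct horse battery", "users") == key
    try:
        open_store(conn, "wrong passphrase", "users")
    except WrongPassphrase as exc:
        print("rejected at open():", exc)
```

Two design points worth noting. Each model row carries its own salt, so the same passphrase yields a different row key per model; that is a choice, not a requirement of option 3b, and a single store-wide salt would work equally well. And if the rows themselves were encrypted with an authenticated mode, every row would carry its own integrity check, which is exactly what makes option 2 (read one row) viable; the metadata-row approach just gives open() a cheap, deterministic place to do that check.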