如何正确地将加密数据插入数据库并从中检索?

时间:2016-02-12 11:17:35

标签: c++ c sqlite openssl

我的开发环境: C / C ++,CentsOS,Openssl的,sqlite3的。

我正在使用openssl EVP接口(AES 128位)加密数据。加密数据可能包含null。如何正确地将其插入sqlite3数据库并从数据库中检索以解密?

感谢。

1 个答案:

答案 0 :(得分:1)

How can i properly insert it into sqlite3 DB and retrieve back from DB to decrypt?

I think you have at least two options. First, you can encode your cipher text. This can be done in OpenSSL or with the database. If you use OpenSSL, then check out BIO_f_base64 in the man pages.

I'm not sure what you would use to encode binary data using database functions. For that, see SQL As Understood By SQLite | Core Functions.

Second, you can forgo the encoding and simply store the binary blob. The blob is a data type in SQLite, see Datatypes In SQLite Version 3. Also see questions like SQLite Blob insertion c++ and SQLite not storing blobs containing \0 bytes.

Avoiding the encoding and using binary data directly is probably the most efficient method since it avoids the extra work. But it will make searching the data more difficult in some instances.


There could be a third option, but it depends on your threat model. You can encrypt the entire database, and then insert plain text into it. For this option, see SQLite with encryption/password protection.

This option could be less secure than encrypting the data before inserting due to key management. If the database needs to be online, then the key which encrypts the entire database has to be stored somewhere, and that means the attacker can probably recover it from the filesystem.