Databases and Encryption - single field or whole database?
I'm after some input for some solution design brainstorming.
I have divided this into two sections: the general background on what I am doing, in case anyone is interested (that isn't the problem), and the second section, which sets out the application design problem. Reading the second section is enough to contribute to the discussion.
I am developing an application for the management of Diabetes, to keep track of and manage every bit of information a Diabetic might want to manage. I'm a type one Diabetic and have been for 31 years.
There are a number of good apps that run on your phone and keep track of things like blood test results, allowing you to spot trends, but this is not the type of thing that I am aiming my application at; I am looking at managing the broader range of Diabetic life activities, keeping track of all the information you need. Things like: keeping contact details for all the support roles, managing medication lists (so you can print them out prior to a hospital visit), keeping track of all test results (weight, height, blood pressure, pulse, blood tests, cholesterol, Hba1c, ketones). It will keep track of medical appointments (in its own database), store them in calendars and add those appointments to other people's calendars if you wish (such as your work/partner/carer). The aim is to have all the information in one place and easily accessible. It will also produce all the usual test result graphs and summaries.
It is multi-user, but only in the sense of having more than one diabetic in the same household.
The Problem/Discussion point
The application is a collection of personal information, such as addresses, date of birth and medication, but my feeling is that, as this is likely to reside on a personal computer with other personal information, it is the responsibility of the user to manage its security in a sensible way.
The program has a login to the application, requiring a user name and password, though the password is stored in the clear within the database, as is the rest of the information. The login only ensures data integrity, rather than real security.
My problem is that I have now added the ability to add appointments to the system and for those appointments to be added to Google calendars. This adds the problem of how I store the user's password for the Google account.
A Google account provides access to a whole lot of other information and so needs to be protected.
1. How do I encrypt the Google password in a database field?
2. If the Google account password is encrypted, I would also need to encrypt the login password, as one would allow access to the other (same answer as above)?
3. What are the possibilities for encrypting fields within a database (I'm using SQLite at the moment)?
4. Should the whole database be encrypted?
5. What is the best way to encrypt the whole database?
This is for discussion purposes so feel free to throw in your own questions and observations.
I'm also happy for other suggestions and discussion on the application, which I intend to make open source.
I am developing this on Linux, though I sometimes compile it on Windows. I am writing it to be cross platform, with no platform specifics, so it should compile on anything Qt can compile on.
1. Using e.g. md5 with a salt
2. Same as 1
3. The encryption technique that you will use doesn't really have anything to do with the database you will be using
4. Depends on where your files will be stored; if it's on an encrypted volume there's less need for that. Otherwise, since you have medical information and more in it, I'd encrypt the database.
5. That again will depend on the database used. AFAIK, SQLite offers SEE, but it's a licensed feature and you will probably have to set it up by hand.
Hope it helps
I fully agree with SGaist; at this point I suggest you search for sqlite-cipher, which is made with crypto in mind!