Qt Forum
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Unsolved

    Qsettings secure?

    General and Desktop
    4
    5
    7324
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fluca1978 last edited by

      Hi all,
      maybe this will sound trivial, but is there a way to store QSettings in a secure way? For instance, in eclipse rcp there are secure-settings that are stored cyphered with a user prompted password. Does something alike exist in qt?

      1 Reply Last reply Reply Quote 0
      • L
        leon.anavi last edited by

        You can "use QSettings":http://developer.qt.nokia.com/wiki/How_to_Use_QSettings and store encrypted values with a symmetric-key algorithm to ensure security of your app. Of course you will have to decrypt each value after reading it.

        http://anavi.org/

        1 Reply Last reply Reply Quote 0
        • L
          lgeyer last edited by

          Andres "SimpleCrypt":http://developer.qt.nokia.com/wiki/Simple_encryption might be a good start. There is also "QCA ":http://delta.affinix.com/qca/ and Qt Creator for example uses "botan":http://botan.randombit.net/.

          1 Reply Last reply Reply Quote 0
          • L
            leon.anavi last edited by

            Btw several years ago I had a common issue and I used "OpenSSL cryptographic library":http://www.openssl.org/docs/crypto/crypto.html. This library offers implementation of the most popular and reliable algorithms and good documentation.

            http://anavi.org/

            1 Reply Last reply Reply Quote 0
            • A
              andre last edited by

              With QSettings, you will have to either create your own engine for it (not trivial, I found out), or limit yourself to encrypting only the values and not the keys, and limit yourself to not using the more advanced features of QSettings for things like arrays. That sounds rather limiting and brittle to me, and it still gives away information on what is stored.

              If you are interested in securely storing settings, I would not rely on QSettings. Instead, I would probably go for a solution where I create a binary file with settings, using QDataStream. The binary blob resulting from that can then be encrypted and stored.

              The "SimpleCrypt":http://developer.qt.nokia.com/wiki/Simple_encryption class Lukas mentioned may help you with that final encryption, but do not mistake it for strong encryption. I should know: I wrote it :-) If you want something more strong, use OpenSSL or some other well tested and well designed library by crypto experts instead, and make sure you understand the pitfalls in using them (there are many!) However, if you just want to shield the blob with settings from curious eyes, then SimpleCrypt may be just what you need.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post