store encrypted data in sqlite ?

[Stef Mientki]

hello,

I want to store some fields in an sqlite database.

I use ezPyCrypto to encrypt and decrypt:

User = ['z684684', 'Mientki, Stef', 1,1,0,1,1 ]

encryption_key_1 = ezPyCrypto.key ( 512 )

SQL_Base = 'insert or replace into __USERS__ values ('
for field in User :
SQL += ",'" + encryption_key_1.encString ( str ( item ))+ "'"
SQL += ')'


Now this fails, probably, because the second character of the encrypted
string is a binary zero.

By trial and error, I found a work around,
but I'm not sure this will garantee that it will work always:
by converting the encrypted buffer with base64.encode:

SQL += ",'" + base64.encodestring(EnCrypt_1 ( str ( item )))+ "'"

Will this method work always ?
Are there better methods ?

thanks,
Stef Mientki

 

[Jonathan Gardner]

Will this method work always ?
Are there better methods ?

I SQLite doesn't like raw data (with all its \0 glory), you're out of
luck, unfortunately. Base64 encoding is a really good solution for
places like this.

You are aware, of course, of the dangers of storing sensitive data in
memory? That is, if you are storing the sensitive data anywhere in a
Python variable, it is possible for someone with access to the memory
of the machine to discover it.

If it is only the storage of the sensitive data you are concerned
about, or the sensitivity of the data if it is transferred over the
network, there are other, easier ways to protect the data than in an
encrypted field.