Perl - SQLite3 DB encryption

Question

I successfully managed to create a SQLite3 DB with Perl using Perl::DBI module. I was wondering if there was a way to add encryption to the database to my existing Perl code ?

I read thoroughly the 2 following links :

• Password Protect a SQLite DB. Is it possible?

• SQLite with encryption/password protection

but the provided examples seem only to include proprietary software or C# code (especially this bit here https://stackoverflow.com/a/24349415/3186538).

Thanks in advance.

Answer 1

Well, you could run your data through any of the Crypt::* modules (::DES, ::Blowfish, ::IDEA, etc, in conjunction with ::CBC), then possibly encode it with base64 to get text, before writing it to the DB. And, of course, reverse the operation when reading. You could even create a Perl::DBICrypt module that sat above Perl::DBI and did this automagically.

However, it depends pretty much on how you're going to use it. If you're just worried about someone stealing and using your data, the encryption would be feasible since, without the key, it would be useless.

On the other hand, if you're trying to protect data in a system you distribute, then the key will be available to the attacker (since, without it, your code won't work). So encrypting in that case would be a minor inconvenience at best.

It's something that could only really work if you kept the key away from the attacker (such as if the Perl code runs in an app server controlled by you).

Basically any solution that decrypts data on a box accessible to an attacker will be vulnerable.