Recently I’ve been working with some developers on an application with a strong security focus.
I’ve recommended to utilise SQLCipher + A user derived passphrase similar to the following: Collecting a Passphrase
However, the current way the developer has implemented it, is that the user-passphrase is stored in memory (good) and used to decrypt the encrypted database on-disk (bad).
Is this clearly against SQLcipher best practices? Should the encrypted SQLite database be copied to memory and THEN decrypted > updated > re-encrypted > re-written to disk as an encrypted database?
@commonsguy @sjlombardo Wondering if either of you have any input on this?
Hello @Daniel_Lee - SQLCipher is not intended to fully decrypt then re-encrypt databases. It operates on demand, decrypting and encrypting individual segments of the database which are organized into pages, as needed.
This allows SQLCipher work with both very small and very large databases. This would be impossible if copying into memory was a requirement. It also allows SQLCipher to work efficiently and avoid long startup and shutdown times.
Therefore, it would not be considered a standard practice to implement a copy-to-memory scheme with SQLCipher. This does mean that key material must be stored in memory to facilitate database access. SQLCipher does this by retaining derived keys in locked memory segments internally. Note that this means the application does not need to retain the user-passphrase provided it is using long running connections. In that case the application is free to wipe / overwrite its representation of the key.