SQLite for password manager?

T

t38c3j2018-07-31 11:49:24

Information Security

t38c3j, 2018-07-31 11:49:24

I'm thinking of writing my own password manager with ********** and ******. I don't claim anything. Here I look at how best to keep passwords and various notes classified as secret. The choice fell on SQLite due to the fact that I can easily set the database structure, use joins, in short, use the capabilities of a relational database. I plan to first write a CLI version of the manager on Go, Go due to cross-platform, then HTTP Proxy to CLI, and there you can already have applications for smart and desktop.
But is it safe to store such information in SQLite if you use https://github.com/sqlcipher/sqlcipher or the like? how are things going with storing data in memory, are they encrypted there if they get there?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

S

Stalker_RED, 2018-07-31
@Stalker_RED

See how KeePass is made , try to come up with a better scheme (there is no point in making a product that will obviously be worse?)
At the same time, you can add your suggestions to keepass. :)

R

Roman Mirilaczvili, 2018-07-31
@2ord

The fields will be in memory in the form in which they are stored in SQLite.
I believe it would be correct to use a foreign key (master password), with the help of which the password fields will be encrypted. Before entering the password, you need to encrypt with a key using OpenSSL, then you can process Base64 to store as strings, not BLOBs.
Firefox stores passwords in SQLite.