AlexPeshkoff
commented
1 month ago What do you think about adding special function for signature generation to plugin?
Open aafemt opened 1 month ago
AlexPeshkoff
commented
1 month ago What do you think about adding special function for signature generation to plugin?
aafemt
commented
1 month ago It would make database dependent on plugin implementation. Currently it depends only on used algorithm i.e. any plugin implementing AES encryption can be freely replaced with other. I don't think that such function would be a good idea.
aafemt
commented
1 month ago I would suggest that in the database signature to be stored as encrypted SHA256 hash. In this case its check is a calculation of a new hash, decryption of old hash and comparison of these hashes. SHA256 is chosen because it has size 256 bits i.e. two DES/AES blocks.
Currently it is impossible to have a crypt plugin that support only decryption because of the method how database signature is checked.
Only working
decrypt()function should be enough for read-only access to encrypted databases.