Results 1 to 4 of 4

Thread: how to use a hashed password as a private key for data encryption/decryption in Qt?

  1. #1
    Join Date
    Jan 2020
    Posts
    3
    Qt products
    Qt5
    Platforms
    Unix/X11

    Default how to use a hashed password as a private key for data encryption/decryption in Qt?

    I'm sure I'm not the first to ask something like this, but I haven't been able to find anything useful so I'm posting this to get your help, thank you.

    I'm trying to create an app to store some user data. I'm using sqlite to keep track of everything. The idea is that a user can create their own login. The login password will be hashed and the cipher kept in the db. The user should be able to use that hashed password as a private key to encrypt/decrypt other data they enter into the app. The data is stored locally on their computer so I don't want anyone to just open up the db and view all the user's info that's why I need to encrypt/decrypt that data during run time. I don't know how to write something like this. Can anyone give me some suggestions on where to start. I can't find any Qt class that would allow for encryption/decryption during run time. For the hash I was thinking of using QCryptographicHash, but can't figure out how to properly do that with a password. Would anyone mind showing me what the syntax for that would be? Do I need to import any libraries or should I be using only the qt functions? Anyway, I would really appreciate any help with this because it's the part I'm stuck on and can't finish my app without this feature.

    Also, the encryption needs to be strong enough to store sensitive data like social security numbers or credit card numbers.

    Edit: I'm aware that this isn't very secure, but for now I just need to have the password hashed and the data encrypted. I'm going to work on making it more secure later like adding 2 factor authorization.
    Last edited by Pachuca; 8th February 2020 at 19:11.

  2. #2
    Join Date
    Mar 2009
    Location
    Brisbane, Australia
    Posts
    7,729
    Thanks
    13
    Thanked 1,610 Times in 1,537 Posts
    Qt products
    Qt4 Qt5
    Platforms
    Unix/X11 Windows
    Wiki edits
    17

    Default Re: how to use a hashed password as a private key for data encryption/decryption in Q

    There are fully encrypted Sqlite database tools like SQLite Crypt (http://www.sqlite-crypt.com/) and SQLite Encryption Extension (https://www.sqlite.org/see) available commercially. SQL Cipher (https://www.zetetic.net/sqlcipher/) is available as open source or commercially.

    It might be best to build the Qt Sqlite plugin using one of these rather than roll your own. The user password should be run through a key stretching before it is used to create the Sqlite file and later decrypt the file. The file cannot be opened with an incorrect password.

  3. #3
    Join Date
    Jan 2020
    Posts
    3
    Qt products
    Qt5
    Platforms
    Unix/X11

    Default Re: how to use a hashed password as a private key for data encryption/decryption in Q

    Quote Originally Posted by ChrisW67 View Post
    It might be best to build the Qt Sqlite plugin using one of these rather than roll your own.
    That sounds great. I'm going to use the sqlcipher open source, but how do I do this part? It's my first time making a project like this. I've never even made an executable program before, this is my first attempt. Do I need to include it in the .pro file or should I clone it from git than make >> sudo make install ? Where can I find a step by step guide for doing this with qt creator (v5.14.1) in Ubuntu 18.04?

    edit:

    I think I found something from DB Browsers github as a step by step for getting sqlcipher installed, but how do I add it to Qt Creator?
    Last edited by Pachuca; 13th February 2020 at 20:25.

  4. #4
    Join Date
    Mar 2009
    Location
    Brisbane, Australia
    Posts
    7,729
    Thanks
    13
    Thanked 1,610 Times in 1,537 Posts
    Qt products
    Qt4 Qt5
    Platforms
    Unix/X11 Windows
    Wiki edits
    17

    Default Re: how to use a hashed password as a private key for data encryption/decryption in Q

    Assuming you followed those instructions then you have a libsqlcipher.so shared library somewhere on your system. If configured with system-sqlite option, Qt Sqlite driver will be looking for a libsqlite.so on your system to link with at run time.
    To use the aternate library you need to clone the Qt Sqlite driver source, rename it, and modify it to use the new shared library.

    Alternatively, you obtain the Qt source, replace the 3rdparty/sqlite code with the sqlcipher equivalent, and build the Qt Sqlite driver using the embedded code.

    This is done with the Qt and compiler you are using to compile your programs, not Qt Creator's run time version of Qt. There is nothing to do in Qt Creator to make the resulting plugin available.

Similar Threads

  1. [HELP] AES CBC & ECB Encryption & Decryption
    By nemoryoliver in forum Qt Programming
    Replies: 1
    Last Post: 12th February 2014, 08:28
  2. Replies: 1
    Last Post: 21st May 2011, 10:26
  3. AES Encryption Decryption of a file using Qt
    By merry in forum Qt Programming
    Replies: 1
    Last Post: 7th December 2010, 14:22
  4. Encryption and decryption
    By vermarajeev in forum General Programming
    Replies: 5
    Last Post: 27th August 2007, 22:17
  5. Basics of Encryption and decryption
    By vermarajeev in forum General Discussion
    Replies: 4
    Last Post: 26th April 2007, 12:53

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Digia, Qt and their respective logos are trademarks of Digia Plc in Finland and/or other countries worldwide.