spacedrive/.tasks/SEC-002-database-encryption.md
2025-10-14 20:39:56 -07:00


id: SEC-002
title: SQLCipher for At-Rest Library Encryption
status: To Do
assignee: james
parent: SEC-000
priority: High
tags: security, database, core, encryption
whitepaper: Section 8.1

Description

Implement transparent, at-rest encryption for all library databases (.sdlibrary/database.db) using SQLCipher. Keys should be derived from a user-provided password using PBKDF2 to protect against brute-force attacks.

Implementation Steps

  1. Integrate a SQLCipher-compatible Rust crate (e.g., sqlx-sqlcipher).
  2. Modify the Database::open and Database::create methods to accept an optional password.
  3. Implement key derivation logic using PBKDF2 with a unique, stored salt for each library.
  4. Develop the CLI/UI flow for prompting for and managing library passwords.

Acceptance Criteria

  • A new library created with a password has its database.db file encrypted.
  • The application can successfully connect to and query an encrypted database with the correct password.
  • An attempt to open an encrypted database without a password fails with a clear error.
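
The first and third acceptance criteria can be checked from the file header alone, before the file is handed to SQLCipher. The sketch below is an added example, not Spacedrive code: `OnDisk`, `OpenError`, `classify` and `preflight` are hypothetical names, and it assumes SQLCipher's default layout, in which the first 16 bytes of the file are a random salt rather than the SQLite magic string.

```rust
use std::{fmt, fs::File, io::{self, Read}, path::Path};

const SQLITE_MAGIC: &[u8; 16] = b"SQLite format 3\0"; // header of every unencrypted SQLite file

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum OnDisk {
    New,       // zero-length file, nothing written yet
    Plaintext, // readable by any SQLite client
    Opaque,    // no SQLite header: encrypted, or not a database at all
}

#[derive(Debug, PartialEq)]
pub enum OpenError { PasswordRequired, NotEncrypted, Io(io::ErrorKind) }

impl fmt::Display for OpenError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Self::PasswordRequired => f.write_str("library database is encrypted; a password is required"),
            Self::NotEncrypted => f.write_str("password supplied, but the library database is not encrypted"),
            Self::Io(kind) => write!(f, "cannot read library database: {:?}", kind),
        }
    }
}

/// Classify the file by its first 16 bytes, without opening it as SQLite.
pub fn classify(path: &Path) -> io::Result<OnDisk> {
    let mut head = Vec::with_capacity(16);
    File::open(path)?.take(16).read_to_end(&mut head)?;
    Ok(match head.as_slice() {
        [] => OnDisk::New,
        h if h == &SQLITE_MAGIC[..] => OnDisk::Plaintext,
        _ => OnDisk::Opaque,
    })
}

/// Decide whether an open may proceed before the file reaches SQLCipher.
pub fn preflight(path: &Path, password: Option<&str>) -> Result<OnDisk, OpenError> {
    let state = classify(path).map_err(|e| OpenError::Io(e.kind()))?;
    match (state, password) {
        (OnDisk::Opaque, None) => Err(OpenError::PasswordRequired),
        (OnDisk::Plaintext, Some(_)) => Err(OpenError::NotEncrypted),
        _ => Ok(state),
    }
}

fn main() {
    let p = std::env::temp_dir().join("sec002-sample.db");
    std::fs::write(&p, [0x5au8; 32]).unwrap(); // constructed stand-in for ciphertext
    println!("{}", preflight(&p, None).unwrap_err());
}
```

`Opaque` only means the SQLite header is absent; a wrong password or a corrupt file is still detected by SQLCipher itself when the first query runs.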