spacedrive/.tasks/SEC-002-database-encryption.md
2025-10-14 20:39:56 -07:00

---
id: SEC-002
title: SQLCipher for At-Rest Library Encryption
status: To Do
assignee: james
parent: SEC-000
priority: High
tags: [security, database, core, encryption]
whitepaper: Section 8.1
---
## Description
Implement transparent, at-rest encryption for all library databases (`.sdlibrary/database.db`) using SQLCipher. Keys should be derived from a user-provided password using PBKDF2 to protect against brute-force attacks.
## Implementation Steps
1. Integrate a SQLCipher-compatible Rust crate (e.g., `sqlx-sqlcipher`).
2. Modify the `Database::open` and `Database::create` methods to accept an optional password.
3. Implement key derivation logic using `PBKDF2` with a unique, stored salt for each library.
4. Develop the CLI/UI flow to prompt for and manage library passwords.
## Acceptance Criteria
- [ ] A new library created with a password has its `database.db` file encrypted.
- [ ] The application can successfully connect to and query an encrypted database with the correct password.
- [ ] An attempt to open an encrypted database without a password fails with a clear error.
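
A sketch of the key derivation in step 3 and of a header check for the first acceptance criterion. This is an added example, not code from the Spacedrive repository, and it is written in Python with only the standard library rather than in the project's Rust. The function names, the 16-byte salt, the SHA-256 PRF and the iteration count are assumptions; the `x'...'` raw-key form of `PRAGMA key` is SQLCipher's own syntax for passing an already-derived 256-bit key.

```python
import hashlib
import os
import unicodedata

SALT_LEN = 16         # bytes of per-library salt (assumed size), stored beside database.db
KEY_LEN = 32          # 256-bit raw key, the length SQLCipher takes in x'...' form
ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune for target hardware
SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every unencrypted SQLite file


def new_library_salt() -> bytes:
    """Generate the salt once at library creation and persist it with the library."""
    return os.urandom(SALT_LEN)


def derive_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch the user's password into the raw database key."""
    if not password:
        raise ValueError("a non-empty password is required")
    if len(salt) != SALT_LEN:
        raise ValueError("salt is missing or has the wrong length")
    # Normalize so the same typed password yields the same bytes on every platform.
    pw = unicodedata.normalize("NFKC", password).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", pw, salt, iterations, dklen=KEY_LEN)


def sqlcipher_key_pragma(key: bytes) -> str:
    """Raw-key PRAGMA: SQLCipher uses these 32 bytes directly, skipping its own KDF.
    The returned string contains the key, so it must never be logged."""
    if len(key) != KEY_LEN:
        raise ValueError("raw key must be 32 bytes")
    return f"PRAGMA key = \"x'{key.hex()}'\";"


def looks_plaintext(path: str) -> bool:
    """True if the file still carries the plaintext SQLite header (i.e. is NOT encrypted)."""
    with open(path, "rb") as f:
        return f.read(len(SQLITE_MAGIC)) == SQLITE_MAGIC


if __name__ == "__main__":
    salt = new_library_salt()  # constructed sample run
    key = derive_key("constructed example password", salt)
    print("salt:", salt.hex(), "| key bytes:", len(key))
```

An integration test for the first criterion can assert that `looks_plaintext` returns false for a library created with a password; a wrong password derives a different key, so SQLCipher fails to decrypt the first page when the database is opened with it.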