Flutter:在加密的 SQLite 数据库中存储密码

huangapple go评论63阅读模式
英文:

Flutter : Store passwords in encrypted sqlite db

问题

我正在开发一个可以以加密方式存储密码在SQLite数据库中的应用程序。思路是用户将输入一个4-6位的PIN码(最好是数字),只有在用户输入PIN码后才能查看存储的密码。我正在尝试创建一种方法,通过该方法PIN码可以用作加密密钥。

这些是我尝试解决的条件:

  1. 密码以加密方式存储在SQLite数据库中。

  2. 数据库应该足够安全,以至于如果有人解析应用程序,他们不应该能够轻易破解它(希望如此)。

  3. 可能能够将数据库文件上传到用户的苹果/谷歌云作为备份,然后稍后恢复它。

你们可以建议如何实现这些的最佳方法吗?有什么包或包组合可以推荐吗?由于我正在尝试确定是否可能实现这一点,我还没有代码。这更多是为了与更大的社区验证方法。请不要删除这篇帖子。

英文:

I am working on an app that can store passwords in encrypted way in an sqlite db. The idea is, user will input a 4-6 digit pin (preferably number) and the stored passwords can only be viewed after the user enters the pin. I am trying to create a way, by which the pin can be used as an encryption key.

These are the conditions that I am trying to work on;

  1. Password stored in encrypted way in a sqlitedb

  2. the db should secure enough that if some body dis-assembles the app,
    they shouldn't be able to crack it open (hopefully).

  3. Possibly able to upload the db file to user's Apple/Google cloud as backup and later restore it.

Can you guys suggest what would be the best way to achieve these ? any package or combination of packages. Since I am trying to find out if this is indeed possible, I don't have a code yet. It's more to validate an approach with a larger community. Please don't remove this post.

答案1

得分: 1

我觉得这是一个可以完成的任务。 Flutter:在加密的 SQLite 数据库中存储密码 首先,你可以使用这个包来处理 Sqlite 数据库(看起来很受欢迎):

https://pub.dev/packages/sqflite

其次是密码加密,如果你需要通过 PIN 查看密码,我建议对称加密。有很多对称算法,你可以用单一密钥(可以是 PIN)来加密和解密密码:

https://cryptobook.nakov.com/symmetric-key-ciphers/popular-symmetric-algorithms

为了实现第二点,你可能需要生成一些在本地设备存储的盐,这样你就可以在应用程序中与 PIN 一起使用。

要与云同步文件,你可以使用其他包,比如:

(查找 Drive API)https://pub.dev/packages/googleapis

(可能不太受欢迎,但可能有效)https://pub.dev/packages/driven

英文:

I would say it is a doable task. Flutter:在加密的 SQLite 数据库中存储密码 First of all, you can use this package for working with Sqlite database (looks like it is quite popular):

https://pub.dev/packages/sqflite

Second thing is password encryption, well, if you need to be able to view the password using pin, I would recommend symmetric encryption for that. There is a lot of symmetric algorithms, that you can use to encrypt and decrypt password with single key (it can be pin):

https://cryptobook.nakov.com/symmetric-key-ciphers/popular-symmetric-algorithms

To achieve second point you probably need to generate some salt that will be kept on local device storage, so you can use it in application together with pin.

For synchronizing file with cloud you can use another packages like:

(look for Drive api) https://pub.dev/packages/googleapis

(not very popular, but probably works) https://pub.dev/packages/driven

huangapple
  • 本文由 发表于 2023年3月7日 00:57:59
  • 转载请务必保留本文链接:https://go.coder-hub.com/75653687.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定