0

I want to create portable c++ application for myself [CLI] which will store my secret project information.

But i am not sure, how can i store information in my program, as whatever i will update in program when i am using it will be stored in buffer and when i will close it, it will get deleted and same informations will not be available at any place.

I want to store information persistently, what is the best way to do it. [Considering my application will be portable, i.e, i can carry it in my pen drive in any place and i can fetch my information from program].

Option i found was Datbase , but i have certain problem with database :-

1). sqlite => If any one gets my sqlite.db file, he will know all my secret project. 2). mysql/sql or any other database => They are not portable, it needs to be installed in system too and i need to import , export everytime in system wherever i will have to use it.

How such application stores information in crypted format, so that no one can read it easily.

Any help will be great.

Thanks

Dragon Snake
  • 53
  • 8
  • If you're not a security expert, don't even try to write your own encryption software. Use e.g. [TrueCrypt](http://www.truecrypt.org/) instead. – Ilmari Karonen Jul 24 '13 at 21:37
  • @IlmariKaronen There's a difference between writing encryption *algorithms* and *using* encryption in your own software. The latter does not require being a security expert, only not being a dumbass. – Jonathon Reinhart Jul 24 '13 at 21:41
  • 1
    @Jonathon: It does require knowing how to use the tools correctly and how to avoid the various possible pitfalls, as well as some understanding of possible attack scenarios. From the way the question is written, I doubt the OP has that necessary knowledge. (It'd be nice if there was an "idiot-proof" crypto library that ordinary people without any specialist experience could safely use without knowing how the underlying algorithms work. Alas, if there is one, I haven't seen it. In fact, a lot of crypto APIs seem almost _designed_ to trap careless users with things like insecure defaults etc.) – Ilmari Karonen Jul 24 '13 at 21:51
  • @IlmariKaronen I will agree with everything you just said though :-) – Jonathon Reinhart Jul 24 '13 at 21:52
  • Any reason you can't just use an encrypted pen drive? – Crowman Jul 24 '13 at 22:01

2 Answers2

1

If you want your data to remain secret then you must encrypt it.

How you persist the data (sqlite, text file, etc.) makes no difference whatsoever.

See also:

Community
  • 1
  • 1
Jonathon Reinhart
  • 132,704
  • 33
  • 254
  • 328
  • Yes, but my question is how to store data from my c++ program with portable feature and with encryption. – Dragon Snake Jul 24 '13 at 21:04
  • You could do that a million different ways. You have told us nothing about what your "secret project information" is, or what kind of data you're working with, so how can I possibly make a good recommendation? Not to mention, that would make this an opinion-based question, which is not good for StackOverflow. Just encrypt your data, and save it however you want to. – Jonathon Reinhart Jul 24 '13 at 21:08
  • Yes, from your above link, i went to few other links and have probably [98%] got my answer. Thanks bro :) – Dragon Snake Jul 24 '13 at 21:13
  • @JonathonReinhart: "You have told us nothing about what your 'secret project information' is" - excellent try, looks like he didn't fall for it though. – Crowman Jul 24 '13 at 21:59
1

This is not REALLY an answer, but it's far too long "discussion about your subject" to fit as a comment, and I'd rather break the rules by writing one "non-answer answer" (especially now that you have already accepted another answer) than write 6 comments.

First of all, if it's written in C++, it won't be truly portable in the sense that you can carry it around and plug it in anywhere you like and just access the ifnormation, because different systems will have different OS and processor architecture. Fine if you restrict being able to "plug in" on Windows and Linux with x86 - you only need to build two copies of your code. But covering more architectures - e.g. being able to plug into a iPad or a MacBook will require two more builds of the software. Soon you'll be looking at quite a lot of code to carry around (never mind that you need the relevant C++ compiler and development environment to built the original copy). Yes, C++ is a portable language, but it doesn't mean that the executable file will "work on anything" directly - it will need to be compiled for that architecture.

One solution here may of course be to use something other than C++ - for example Java, that only needs a Java VM on the target system - it's often available on a customer system already, so less of an issue. But that won't work on for example an ipad.

Another solution is to have your own webserver at home, and just connect to your server from your customer's site. That way, none of the information (except the parts you actually show the customer) ever leaves your house. Make it secure by studying internet/web-site security, and using good passwords [and of course, you could even set it up so that it's only available at certain times when you need it, and not available 24/7]. Of course, if the information is really top-secret (nuclear weapons, criminal activities, etc), you may not want to do that for fear of someone accessing it when you don't want it to be accessed. But it's also less likely to "drop out of your pocket" if it's well protected with logins and passwords.

Encrypting data is not very hard - just download the relevant library, and go from there - crypt++ is one of those libraries.

If you store it in a database, you will need either a database that encrypts on itself, or a very good way to avoid "leaking" the clear-text information (e.g. storing files on /tmp on a linux machine), or worse, you need to decrypt the whole database before you can access it - which means that something could, at least in theory, "slurp" your entire database.

Depending on how secret your projects are, you may also need to consider that entering for example a password will be readable by the computer you are using - unless you bring your own computer as well [and in that case, there are some really good "encrypt my entire disk" software out there that is pretty much ready to use].

Also, if someone says "Can I plug in my memory stick on your computer and run some of my from it", I'm not sure I'd let that person do that.

In other words, your TECHNICAL challenges to write the code itself may not be the hardest nut to crack in your project - although interesting and challenging.

Mats Petersson
  • 126,704
  • 14
  • 140
  • 227