
I have made a tkinter desktop application and I have a table named auth with a single row which contains sensitive API credentials. My thought is to encrypt this table using pysqlcipher (link) or equivalent.

According to the documentation, you have to pass the PRAGMA key before doing any operation. If someone decompiled an .exe build of my app, couldn't they just find this key in the source code and then decrypt the database from there? If so, what's a common solution for protecting sensitive API credentials in a desktop app?

```python
from pysqlcipher import dbapi2 as sqlite

conn = sqlite.connect('test.db')
c = conn.cursor()
# The key has to be supplied before any other operation on the connection.
c.execute("PRAGMA key='test'")
c.execute('''create table stocks (date text, trans text, symbol text, qty real, price real)''')
c.execute("""insert into stocks values ('2006-01-05','BUY','RHAT',100,35.14)""")
conn.commit()
c.close()
conn.close()
```

My sqlite table structure:

```
db.sqlite
|__ profiles
|__ auth
|__ tables
```
Disclaimer: I am no security or encryption expert but I am very willing to explore and learn all options.

Bryan Oakley
Jarad
  • `pragma_key` your computer hardware id/serial crypted with standard key. Every security chain required an `unique` step value. Use cpu_time+time(initial/first). – dsgdfg Sep 21 '16 at 05:29
  • It is secure until someone looks at your code. Looking at the Python code is easy even if 'compiled'. Doing it the way you proposed would make it somewhat tamper resistant but not impossible and certainly not too difficult. DRM is hard and starts by not choosing Python for a desktop app. Why do we have rappers who used to be gangsters now telling us piracy is wrong? Even with all the money in that industry, DRM is hard. +1 to @dsgdfg , but even with that, once the code is seen the jig is up. – Chris Townsend Sep 24 '16 at 16:28
  • Thoughts on storing credentials on a webserver and using salt encryption? I have no idea what this means exactly but I'm wondering if it's a possible solution. – Jarad Sep 26 '16 at 00:05

0 Answers
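Added example, not part of the original post or its comments: one way to keep a key literal out of the source is to derive the SQLCipher key at startup from a passphrase the user types, so a decompiled build contains only the derivation code. The function names, iteration count and salt handling are assumptions made for illustration; the raw-key form `PRAGMA key = "x'...'"` is SQLCipher's own syntax.

```python
import hashlib
import os

PBKDF2_ITERATIONS = 600_000  # assumption: tune to the slowest target machine
SALT_BYTES = 16
KEY_BYTES = 32               # SQLCipher raw keys are 256 bits (64 hex chars)


def new_salt() -> bytes:
    """Random per-database salt; not secret, stored beside the database file."""
    return os.urandom(SALT_BYTES)


def derive_db_key(passphrase: str, salt: bytes) -> bytes:
    """Stretch the passphrase typed at startup into a 256-bit database key."""
    if not passphrase:
        raise ValueError("empty passphrase")
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS, dklen=KEY_BYTES)


def pragma_key_statement(key: bytes) -> str:
    """Build the raw-key statement; SQLCipher then skips its own derivation."""
    if len(key) != KEY_BYTES:
        raise ValueError("key must be 32 bytes")
    # Hex output is limited to [0-9a-f], so it cannot break out of the quotes.
    return "PRAGMA key = \"x'%s'\"" % key.hex()


def open_encrypted(path: str, passphrase: str, salt: bytes):
    """Open the database with a runtime-derived key (needs pysqlcipher)."""
    from pysqlcipher import dbapi2 as sqlite  # same module as in the question
    conn = sqlite.connect(path)
    cur = conn.cursor()
    cur.execute(pragma_key_statement(derive_db_key(passphrase, salt)))
    # A wrong key only surfaces on the first read, so force one here.
    cur.execute("SELECT count(*) FROM sqlite_master")
    cur.fetchone()
    cur.close()
    return conn
```

This only helps when the secret comes from the user at runtime; a credential that ships identically inside every copy of the app remains recoverable from the build, as the comments above point out.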