https://github.com/pinebit/qvault

QVault is the encrypted key-value store library for Qt/C++ with the focus on security.
https://github.com/pinebit/qvault

cpp11 encryption keyvaluestore openssl qt5

Last synced: 8 months ago
JSON representation

QVault is the encrypted key-value store library for Qt/C++ with the focus on security.

• Host: GitHub
• URL: https://github.com/pinebit/qvault
• Owner: pinebit
• License: gpl-3.0
• Created: 2018-03-25T14:07:05.000Z (about 8 years ago)
• Default Branch: master
• Last Pushed: 2023-04-12T12:21:42.000Z (almost 3 years ago)
• Last Synced: 2025-02-22T12:12:21.073Z (about 1 year ago)
• Topics: cpp11, encryption, keyvaluestore, openssl, qt5
• Language: C++
• Homepage:
• Size: 24.4 KB
• Stars: 1
• Watchers: 2
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# QVault

> QVault is the encrypted key-value store library for Qt/C++.

The library is using OpenSSL for data encryption, specifically:

- PKCS5_PBKDF2_HMAC_SHA1 for key derivation,

- EVP_aes_256_cbc cipher for encryption,

- HMAC w. EVP_sha256 for digest.

The library has been built with Qt5 (OpenSource) and C++11.

## Goals

The goal was to make the implementation the most secure, rather than super performant.

A typical usage of such a store is to persist user credentials, encryption keys and other

sensistive data (of small amount) on the disk that are accessed by "unlocking" the store with a password.

When store is locked, no "open text" data remains in memory, including AES encryption keys.

## Usage

For the very first time, a user shall create a vault instance protected with a password:

```cpp

#include 

bool success = QVault::create("~/vault.bin", "mystrongpassword");

```

After the store is created, the user must unlock it to being able set/get values:

```cpp

QVault vault("~/vault.bin");

bool success = vault.unlock("mystrongpassword");

// set a key-value pair

vault.setValue("btc-wallet-key", btcWalletKey);

// get a value for the key

bool ok;

QString btcWalletKey = vault.getValue("btc-walled-key", &ok).toString();

```

To change the password at any time (the store must be unlocked, of course):

```cpp

bool success = vault.changePassword("mynewstrongpassword");

```

After you finished accessing the values, just lock() it to ensure no encryption keys or any data left in memory:

```cpp

vault.lock()

```

## Notes

* All methods are synchronous and all write operations will commit all changes to the disk.

* You cannot enumerate keys by design, because getting all keys are insecure operation.

* You will need OpenSSL dev libs to be installed in your environment for this code to be built.

## License

GPLv3