backend encryption / security

Michalis Kamprianis michalis at
Tue May 6 18:40:03 EDT 2014

I can see in uservoice, and I think frequently asked in lists, the request for encryption or password protection of the datafile. 

Regarding database backends, I believe that database encryption should be used if required, (although I understand that dbi may not be up to the task). 

Nevertheless, for xml backend, I think that I could try to implement an AES based encryption (on saving) and decryption (on opening), based on code from aescrypt. 
Aescrypt is available for unix, windows, mac, so the implementation should probably be portable across platforms. The code is some gpl and some freeware. 
Of course such a solution only protects data at rest (i.e. when data is read in memory it is not protected. Log files are not protected. User configuration files are not protected - at least initially, and so on) so it's not transforming gnucash to the most secure accounting software out there, but solves the problem with datafile misplacement or unwanted access. 

The thing is, (a) I don't know if you're interested and / or agree in implementing something like that, and (b) although I will probably manage to code the open and save routines, I'm not sure I will not get stuck somewhere, in which case it will either remain as an unfinished project, or I will need some help from somebody more experienced.

Your thoughts?


More information about the gnucash-devel mailing list