This repository has been archived by the owner on Oct 23, 2020. It is now read-only.

APAF's Secure database support #25

Open
fpietrosanti opened this issue Aug 17, 2012 · 0 comments
Comments

@fpietrosanti
Contributor

This ticket is to propose and describe a feature to secure the data of applications built with APAF.

Every APAF application will have its own databases and, given that it focuses on the desktop environment, it would mostly use SQLite.
APAF provides an anonymity and security framework for the applications built with it.

It is valuable to provide APAF application developers with easy support for storage encryption.

Storage encryption will provide greatly simplified protection of the data on the computer running the APAF application in case of computer theft or seizure, without the need to deal with filesystem encryption tools.

APAF application developers should be provided with a set of APIs to facilitate:

  • The creation of one or more databases for use by the APAF application
  • The security policy for use of that secure database
    • encrypted
    • clear
  • The security policy for use of the secure database
    • keep the password stored and unlock automatically
    • use a temporary random password (for volatile, temporary databases)
    • ask for the database unlock password via the web
  • A way to load the database and/or unlock it and/or query its status

It will be up to the APAF application to decide, at first run and at every subsequent startup, to ask to load its databases, whether in clear or encrypted format.

The proposed technology for implementation of a Secure Database is Sqlite + Sqlcipher (http://sqlcipher.net/) .

The encryption of the databases will be done through a dedicated key file, which must be encrypted with the unlock password for the database.
The use of key files is to allow, in future, a possibly easy implementation of self-destruction functionality targeting database key files rather than just data.

The creation of a "temporary database" will be done with a random password, kept only in RAM, which will be deleted at the next application restart.
This is useful for temporary storage of data that may require structure, but that the application developer wants to be "volatile" and self-destroy at each application restart.

Making the data file for the application available via APAF's API would allow, in future, a much easier implementation of secure data-backup/data-restore functionality from within the APAF framework.

Asking @hellais @mmaker @vecna @evilaliv3 @ioerror @KAepora for review/opinions.
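An illustration of the API shape proposed above, added here as example code and not taken from the APAF project: the class name SecureDatabase, the policy names ('clear', 'encrypted', 'temporary'), the key-file layout and the helper names are all assumptions made for the example. It keeps the proposal's structure: a random 32-byte database key is handed to SQLCipher through PRAGMA key in raw-key form, that key lives in a separate key file wrapped under the unlock password (so a future self-destruct only has to overwrite the small key file), and a 'temporary' database gets a key that never leaves RAM. The key-file wrapping uses only the Python standard library (PBKDF2, then an HMAC-SHA256 counter-mode stream with an encrypt-then-MAC tag) as a stand-in for a real AEAD such as AES-GCM; with a stock sqlite3 module the PRAGMA is silently ignored, so the database file is only actually encrypted when the binding is linked against SQLCipher.

```python
"""Added illustration, not APAF's own code: a sketch of the proposed
secure-database API (key file wrapped under an unlock password, temporary
random key kept only in RAM, SQLCipher's PRAGMA key), standard library only."""
import hashlib, hmac, os, secrets, sqlite3, tempfile

KEY_LEN = 32                    # raw SQLCipher key, passed hex-encoded as x'...'
SALT_LEN = NONCE_LEN = 16
TAG_LEN = 32
PBKDF2_ITERS = 200_000


def _derive(password, salt):
    """Password -> (encryption key, MAC key) via PBKDF2-HMAC-SHA256."""
    kdf = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS, dklen=64)
    return kdf[:32], kdf[32:]


def _xor_stream(key, nonce, data):
    """XOR data with HMAC-SHA256 in counter mode: a dependency-free stand-in
    for a real cipher (use an AEAD such as AES-GCM in production)."""
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(-(-len(data) // 32)))
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap_key(db_key, password):
    """Key file contents: salt | nonce | ciphertext | HMAC tag (encrypt-then-MAC)."""
    salt, nonce = secrets.token_bytes(SALT_LEN), secrets.token_bytes(NONCE_LEN)
    enc_k, mac_k = _derive(password, salt)
    ct = _xor_stream(enc_k, nonce, db_key)
    return salt + nonce + ct + hmac.new(mac_k, salt + nonce + ct, hashlib.sha256).digest()


def unwrap_key(blob, password):
    """Inverse of wrap_key; raises ValueError on a wrong password or tampered file."""
    salt, nonce = blob[:SALT_LEN], blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ct, tag = blob[SALT_LEN + NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_k, mac_k = _derive(password, salt)
    expect = hmac.new(mac_k, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):        # verify before decrypting
        raise ValueError("wrong password or corrupted key file")
    return _xor_stream(enc_k, nonce, ct)


class SecureDatabase:
    """One APAF database and its policy (assumed names): 'clear', 'encrypted'
    (key file wrapped under the unlock password, which the app either stores or
    asks for via the web) or 'temporary' (random key in RAM only)."""

    def __init__(self, path, policy):
        if policy not in ("clear", "encrypted", "temporary"):
            raise ValueError("unknown policy %r" % policy)
        self.path, self.policy, self.conn = path, policy, None
        self.keyfile = path + ".key"
        self._ram_key = None                        # 'temporary' policy only

    def status(self):
        return "unlocked" if self.conn else "locked"

    def unlock(self, password=None):
        key = None
        if self.policy == "encrypted":
            if password is None:
                raise ValueError("unlock password required")
            if os.path.exists(self.keyfile):        # later startups: unwrap the key file
                with open(self.keyfile, "rb") as f:
                    key = unwrap_key(f.read(), password)
            else:                                   # first run: create and wrap a key
                key = secrets.token_bytes(KEY_LEN)
                with open(self.keyfile, "wb") as f:
                    f.write(wrap_key(key, password))
        elif self.policy == "temporary":
            self._ram_key = self._ram_key or secrets.token_bytes(KEY_LEN)  # never hits disk
            key = self._ram_key
        self.conn = sqlite3.connect(self.path)
        if key is not None:   # SQLCipher raw-key pragma; a stock sqlite3 ignores it silently
            self.conn.execute("PRAGMA key = \"x'%s'\"" % key.hex())
        return self.conn

    def lock(self):
        if self.conn:
            self.conn.close()
            self.conn = None


def demo():
    """First run, restart and re-unlock in a scratch directory; returns facts to check."""
    work = tempfile.mkdtemp()
    db = SecureDatabase(os.path.join(work, "app.db"), "encrypted")
    db.unlock("correct horse")                      # first run creates app.db.key
    db.conn.execute("CREATE TABLE notes (body TEXT)")
    db.conn.execute("INSERT INTO notes VALUES ('hello')")
    db.conn.commit()
    db.lock()
    db.unlock("correct horse")                      # next startup unwraps app.db.key
    rows = db.conn.execute("SELECT body FROM notes").fetchall()
    tmp = SecureDatabase(os.path.join(work, "scratch.db"), "temporary")
    tmp.unlock()
    return {"rows": rows, "status": db.status(),
            "keyfile_exists": os.path.exists(db.keyfile),
            "temp_keyfile_exists": os.path.exists(tmp.keyfile)}
```

Two caveats a practitioner would add to the proposal. First, the "keep password stored and unlock automatically" policy makes the wrapped key exactly as strong as wherever the application keeps that password, so it only buys the self-destruct convenience of the key file, not protection against seizure. Second, the raw key and the unwrapped copy in memory are what an attacker with the running process actually wants, so the RAM-only 'temporary' key is volatile only as long as the process is not swapped or dumped.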
