>
> I don't follow your argument. You trust them enough to give them the public
> key for accessing your data through your program. You do not give them the
> private key, and you don't give them access to metadata.
>
> So I don't see how giving someone access to the app through an SSL
> certificate is placing everything in the trust of the user.
>
> But perhaps I am misunderstanding what you are saying . . .
>

Once they have unlocked the encrypted file/partition/directory and hence
have access to the database, all bets are off:
They can file copy the database file to another computer or make a
backup of the database and restore it elsewhere.
Protecting the database becomes really difficult if one doesn't control
the server.

Florian