Overview
Examples
Screenshots
Comparisons
Applications
Download
Documentation
Tutorials
Bazaar
Status & Roadmap
FAQ
Authors & License
Forums
Funding Ultimate++
Search on this site
Search in forums












SourceForge.net Logo
Home » U++ Library support » U++ SQL » sqlite3 encryption (Has anyone looked into this?)
sqlite3 encryption [message #59051] Sat, 22 October 2022 06:12 Go to next message
jimlef is currently offline  jimlef
Messages: 90
Registered: September 2020
Location: US
Member
Just ran across this... Anyone else seen it? Any thoughts?

Encryption for SQLite3

Jim
Re: sqlite3 encryption [message #59052 is a reply to message #59051] Sat, 22 October 2022 08:24 Go to previous messageGo to next message
coolman is currently offline  coolman
Messages: 114
Registered: April 2006
Location: Czech Republic
Experienced Member
U++ sqlite plugin already uses the above implementation.
Re: sqlite3 encryption [message #59054 is a reply to message #59052] Sat, 22 October 2022 13:42 Go to previous messageGo to next message
jimlef is currently offline  jimlef
Messages: 90
Registered: September 2020
Location: US
Member
Well well Smile Now I have to try this out - thank you!

Quote:
coolman
U++ sqlite plugin already uses the above implementation.
Re: sqlite3 encryption [message #59056 is a reply to message #59051] Sat, 22 October 2022 19:54 Go to previous messageGo to next message
jimlef is currently offline  jimlef
Messages: 90
Registered: September 2020
Location: US
Member
So, hit and run q here (got to leave for work shortly) but...
PasswordDlg dlg;
dlg.Run() // ... <- to get password of course Wink
sqlite3.Open(dbname, password, CODEC_TYPE_SQLCIPHER);

Is that change enough to use the encryption? Another related link here, describing the c interface... have to read this all later.
https:// utelle.github.io/SQLite3MultipleCiphers/docs/configuration/c onfig_capi/
Re: sqlite3 encryption [message #59057 is a reply to message #59056] Sat, 22 October 2022 20:18 Go to previous messageGo to next message
coolman is currently offline  coolman
Messages: 114
Registered: April 2006
Location: Czech Republic
Experienced Member
jimlef wrote on Sat, 22 October 2022 19:54

PasswordDlg dlg;
dlg.Run() // ... <- to get password of course Wink
sqlite3.Open(dbname, password, CODEC_TYPE_SQLCIPHER);


Yes, this is enough. Take a look to the source code of the plugin Sqlite3upp.cpp
Re: sqlite3 encryption [message #59058 is a reply to message #59051] Sun, 23 October 2022 12:51 Go to previous messageGo to next message
jimlef is currently offline  jimlef
Messages: 90
Registered: September 2020
Location: US
Member
Ok, I think I have the basic idea, Thanks!

Source
Re: sqlite3 encryption [message #59059 is a reply to message #59058] Sun, 23 October 2022 15:04 Go to previous messageGo to next message
coolman is currently offline  coolman
Messages: 114
Registered: April 2006
Location: Czech Republic
Experienced Member
You can check encrypted Sqlite before Open() the DB using the function

bool Sqlite::IsFileEncrypted(const char *DBfilename) {
    FileIn in(DBfilename);

    if (!in) {
        return false;
    }

    String SqlVersion = "SQLite format 3";
    int SqlVersionLength = SqlVersion.GetCount();
    in.Seek(0);
    String version = in.Get(SqlVersionLength);
    in.Close();

    return (!version.IsEqual(SqlVersion));
}


With combination of returned code from Open() function

...
        int errCode = sqlite3db.GetErrorCode();
        String errMsg = Format("[ %s&&Error: %d (%s)]", t_("Loading the database has failed!"), errCode, sqlite3db.GetErrorCodeString());
        if (SQLITE_NOTADB == errCode) {
            errMsg = t_("The database is encrypted but decryption failed!&[= Did you use the correct password?");
        }
        ErrorOK(errMsg);
...


BR, Radek
Re: sqlite3 encryption [message #59062 is a reply to message #59051] Mon, 24 October 2022 10:49 Go to previous message
jimlef is currently offline  jimlef
Messages: 90
Registered: September 2020
Location: US
Member
Thank you again - I've done a bit more, but I wanted SQLCIPHER, so I 'updated' the sqlite3upp plugin on my side. I put the newest amalgamation files from here in lib (sqlite3mc_amalgamation.c & .h). I removed the aeshardware.c section (threw compile errors) from sqlite3mc_amalgamation.c & updated the Sqlite3.h & sqlite3upp.cpp files:
	int  ChangePassword(const String& password, int cipher = CIPHER_SQLCIPHER);
	int  CheckDBAccess();
	bool Open(const char *filename, const String& password = Null, int cipher = CIPHER_SQLCIPHER);
...
	enum Ciphers {
		CIPHER_CHAHA2020_SQLEET,
		CIPHER_CHAHA2020_DEFAULT,
+		CIPHER_AES256,
+		CIPHER_SQLCIPHER
	};


For Sqlite3upp.cpp:
int Sqlite3Session::SetDBEncryption(int cipher) {
	// "default:cipher" => use SQLCipher during the entire lifetime of database instance
	// CIPHER_CHAHA2020_SQLEET settings are backward compatible with the previous sqleet implementation in the U++
	// Note: It is not recommended to use legacy mode for encrypting new databases. It is supported for compatibility
	// reasons only, so that databases that were encrypted in legacy mode can be accessed.

	int retcode = SQLITE_ERROR;
	switch (cipher) {
		case CIPHER_CHAHA2020_DEFAULT: {
			int value = sqlite3mc_config(db, "default:cipher", CODEC_TYPE_CHACHA20);
			if (value != -1)
				value = sqlite3mc_config_cipher(db, "chacha20", "kdf_iter", 64007);
			if (value != -1)
				value = sqlite3mc_config_cipher(db, "chacha20", "legacy", 0);
			if (value != -1)
				value = sqlite3mc_config_cipher(db, "chacha20", "legacy_page_size", 4096);
			if (value != -1)
				retcode = SQLITE_OK;
			} break;
		case CIPHER_CHAHA2020_SQLEET: {
			int value = sqlite3mc_config(db, "default:cipher", CODEC_TYPE_CHACHA20);
			if (value != -1)
				value = sqlite3mc_config_cipher(db, "chacha20", "kdf_iter", 12345);
			if (value != -1)
				value = sqlite3mc_config_cipher(db, "chacha20", "legacy", 1);
			if (value != -1)
				value = sqlite3mc_config_cipher(db, "chacha20", "legacy_page_size", 4096);
			if (value != -1)
				retcode = SQLITE_OK;
		} break;
+		case CIPHER_AES256: {
+			int value = sqlite3mc_config(db, "default:cipher", CODEC_TYPE_AES256);
+			if (value != -1)
+				value = sqlite3mc_config_cipher(db, "aes256", "kdf_iter", 4001);
+			if (value != -1)
+				value = sqlite3mc_config_cipher(db, "aes256", "legacy", 0);
+			if (value != -1)
+				value = sqlite3mc_config_cipher(db, "aes256", "legacy_page_size", 0);
+			if (value != -1)
+				retcode = SQLITE_OK;
+		} break;
+		case CIPHER_SQLCIPHER:
		default: {
+			int value = sqlite3mc_config(db, "default:cipher", CODEC_TYPE_SQLCIPHER);
+			if (value != -1)
+				value = sqlite3mc_config_cipher(db, "sqlcipher", "kdf_iter", 256000);
+			if (value != -1)
+				value = sqlite3mc_config_cipher(db, "sqlcipher", "legacy", 0);
+			if (value != -1)
+				value = sqlite3mc_config_cipher(db, "sqlcipher", "legacy_page_size", 4096);
+			if (value != -1)
+				value = sqlite3mc_config_cipher(db, "sqlcipher", "hmac_use", 1);
+			if (value != -1)
+				value = sqlite3mc_config_cipher(db, "sqlcipher", "hmac_pgno", 0);
+			if (value != -1)
+				value = sqlite3mc_config_cipher(db, "sqlcipher", "hmac_salt_mask", 58);
+			if (value != -1)
+				value = sqlite3mc_config_cipher(db, "sqlcipher", "kdf_algorithm", 2);
+			if (value != -1)
+				value = sqlite3mc_config_cipher(db, "sqlcipher", "hmac_algorithm", 2);
+			if (value != -1)
+				value = sqlite3mc_config_cipher(db, "sqlcipher", "plaintext_header_size", 16);
+			if (value != -1)
+				retcode = SQLITE_OK;
+		} break;
	}
	return retcode;
}


I haven't modded any other code sections.

I'm sure that the aeshardware section can be fixed to eliminate the aes128 related errors (well, hopeful). This otherwise seems to update things quite a bit. I'm sure I'll run into plenty of introduced issues as I code more into this project of mine, but it's a start Smile
Previous Topic: PostgreSQL and clang: error: linker command failed with exit code 1 on MacOS X
Next Topic: Transfer compress data
Goto Forum:
  


Current Time: Thu Jun 13 20:18:11 CEST 2024

Total time taken to generate the page: 0.01423 seconds