Improve support for SQLCipher #597
Comments
|
Things to be aware of:
|
|
Ahhh, OK, so I'll re-consider whether or not to jump into that ring. Really disappointed I have to admit though - thought all this had finally stabilized. |
|
Sorry for the hassle. If you want to go ahead and do the sqlcipher package, feel free. My goal is to fix up that bundle with a seamless transition. I just wanted you to be aware of the stuff shifting around. |
|
That is quite annoying :( I have previously been able to make SQLite builds with encryption using the wxSqlite code base. @ericsink would you consider using that code base instead? |
|
@ndastur I don't know much about wxSqlite, which means I perceive it to be a greater risk. |
|
Minor update: After talking with the couchbase guy a bit more, I am more confident that I can incorporate new sqlcipher builds into |
|
@ericsink Yay!!! |
This commit is going in so I can work on the CI side. Still need to add support for the `key` pragma. Working on #597
The key quoting is not perfect - need to improve it in the future. Working on #597
|
I just release the new Gonna test it out a bit before closing this. If you have the time, I would like to know if it works for any of you. |
|
@praeclarum is the idea that I would reference sqlite-net-sqlcipher in my netstandard projects and app project? Or would I stick to using sqlite-net-pcl in netstandard projects and just sqlite-net-sqlcipher in my app project? |
|
@praeclarum Ignore my previous question, figured out to reference sqlite-net-sqlcipher everywhere. I tried testing out your nuget package (1.5.176-beta) in a xamarin.mac project but it threw a DllNotFoundException when I called SetKey, I've opened ericsink/SQLitePCL.raw#182 as the root issue seems to be in SqlitePCLraw.bundle_sqlcipher |
|
@praeclarum This may result executing "PRAGMA journal_mode=WAL" before executing "PRAGMA key=pragmakey" (SetKey function). So, I suggest removing the sentence "ExecuteScalar ("PRAGMA journal_mode=WAL");" in SQLiteConnection constructor. |
|
@SamShanWang Have you seen this exception being thrown on a particular device / platform? |
|
I think I am getting the error described by @SamShanWang Line 287 in 5603ee0 I am creating a
I have managed to pull my database from the device and can confirm the database is in fact encrypted, so I'm not sure what is going on here Can anyone else replicate? |
|
@praeclarum I have attempted to use your beta version: sqlite-net-sqlciper at 1.5.176-beta however I am unable to reference the package from a PCL library, is this by design? I could in theory push my data access layer out to a .NET Standard library but I wanted to check first as it could be a fair amount of effort. |
|
The reason I have looked to using the beta build is I am having issues relating to deploying a UWP build which I believe should be fixed as a result of this beta build? Basically when deploying it was complaining that SQLitePCLRaw.batteries_v2.dll is being copied from 2 places:
Which I need sqlcipher for encryption and it seems that sqlite-net-pcl depends on the green bundle. |
|
@bijington see here on how to implement SqlCipher resolving conflicting dependencies: |
|
@JKennedy24 thank you for the fast response. I can confirm that works. Although I did find that the bundle_green reference wasn't automatically added to the UWP project, adding it then fixed the issue. I am fairly new to Xamarin but it does seem like there is a log of config involved. Thanks again. |
|
@bijington Two points: I am indeed moving away from PCL to favor .NET Standard. I know the tooling hasn't all caught up and this can be frustrating, but PCLs have been deprecated and I won't support them in the future. Second, you don't need bundle_green if using cipher - bundle_green is just a simple hack to get a bunch of packages pre-confugured. I will update the README with the best way to use cipher. Thanks for the feedback and sorry for the confusion! |
|
@praeclarum Thanks for the response. No need to apologise I am fairly new so there has been plenty for me to learn :). I didn't choose to use bundle_green, it was the 'SQLitePCLRaw.bundle_sqlcipher' that I believe depends on bundle_green and brought it in. Does that mean by using your cipher package I can remove the need to use the pcl raw package as well? |
|
While the cipher bundle runs fine on UWP, the app store rejects it since it uses encryption libraries that they don't support. Any news on this from @praeclarum, @ericsink or Couchbase? |
|
@ericsink forgive my ignorance here, but that package is not directly installed in my project - I only see sqlite-net-sqlcipher. Do I need to replace that with sqlite-net and then YOUR sqlcipher? The relationship between SQL Cipher and SQLite-net has always confused me... |
|
No worries. :-) The So, leave all your other packages the same, and just add |
|
@ericsink thank you very much! that makes sense. |
|
You should not need to change anything for iOS and Android if those are already working. That And yes, your project should pass the store verification now, but please let me know if it does not. Your post above doesn't specify exactly what error messages you are seeing and how you got them, so I made an assumption that you are experiencing the same problem as seen in ericsink/SQLitePCL.raw#193, but if that assumption was wrong, well, that package update won't help. :-) |
|
Yes, I am getting those errors…
Thank you for the assistance!
From: Eric Sink [mailto:[email protected]]
Sent: Thursday, February 1, 2018 1:56 PM
To: praeclarum/sqlite-net <[email protected]>
Cc: Brian Limkemann <[email protected]>; Mention <[email protected]>
Subject: Re: [praeclarum/sqlite-net] Improve support for SQLCipher (#597)
You should not need to change anything for iOS and Android if those are already working. That SQLitePCLRaw.lib.sqlcipher.windows package is windows-specific anyway.
And yes, your project should pass the store verification now, but please let me know if it does not. Your post above doesn't specify exactly what error messages you are seeing and how you got them, so I made an assumption that you are experiencing the same problem as seen in ericsink/SQLitePCL.raw#193<ericsink/SQLitePCL.raw#193>, but if that assumption was wrong, well, that package update won't help. :-)
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#597 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AJ6LVYYRMnePFHDY6ywHXY0I2hO2yfO7ks5tQgiugaJpZM4OuU97>.
|
|
@JKennedy24 I have the same thing, it thinks that the DB is encrypted, but I can pull it off and see full contents. Also on the beta sqlcipher. Any ideas @praeclarum ? Thanks! |
|
@dompham I would suggest opening a new issue and including complete details about the problem you are having. |
|
I'll do that :) |
|
(sorry for posting the reply on this thread) My problem was libraries not correctly installed to my projects. If you run |
|
@SamShanWang thank you I'm working on a fix now. |
|
The encrypted database opens just fine following the steps in this guide: I've tested iOS and Android, both with version 1.5.176-beta and .Net standard 2.0 Keep up the good work! |
|
Hello @praeclarum - Thanks for all your work on sqlite-net. I was wondering if you plan to release the sqlite-net-base package available on NuGet in the near future? We are very much hoping to use sqlite-net-base as an API for interfacing with SQLCipher using SQLitePCLRaw.bundle_zetetic (which @ericsink recently published) for an upcoming version of SQLCipher. It would be great if we could depend on a non-prerelease version of sqlite-net-base. |
This is to prevent the error of turning on WAL (new default) before the key has been set. This also prevents the user from not calling the old SetKey functions at the wrong time. Working on #597
|
I have removed the SetKey functions in favor of providing the key to the constructor. This means that the pragmas will execute in the right order. |
|
Hello @praeclarum - Providing the key in the constructor looks like a good option to ensure that Also, I would really like to get some feedback from you regarding the packaging. As @ericsink mentioned earlier in the thread there are different ways to include SQLCipher. One of those is |
|
I have moved the key to the constructor in 1.5. @sjlombardo Yes I'm open to changing the constructor interface to help you out. Would you please open a new issue with your proposal? |
|
Hello, |
|
Hi @Samrak SQLCipher uses 256-bit AES in CBC mode by default. With our latest release of 4.0.0 there are a large number of compatibility changes to to be aware of. |
ghost
mentioned this issue
The key quoting is not perfect - need to improve it in the future. Working on praeclarum#597
This is to prevent the error of turning on WAL (new default) before the key has been set. This also prevents the user from not calling the old SetKey functions at the wrong time. Working on praeclarum#597
Hi @developernotes Thank you for this information - we are currently using this package and my client asked me what kind of padding is used (if any) but I cannot seem to find this information, could you kindly define if you are using any padding and which kind? Thanks ! |
|
@ognamala SQLCipher does not use padding for standard full database encryption; all plaintext is block aligned. The SQLCipher Commercial / Enterprise Value Level Encryption and Encrypted Virtual Tables features use PKCS#7. |
It's a common scenario to want to encrypt your database, so let's support it.
https://www.zetetic.net/sqlcipher/sqlcipher-api/#key
-sqlcipherpackage that referencesSQLitePCLRaw.bundle_sqlcipherSetKey()function to callPRAGMA KEY = 'text'PRAGMA KEY = 'text'is run before WALThe text was updated successfully, but these errors were encountered: