go-sqlite3 icon indicating copy to clipboard operation
go-sqlite3 copied to clipboard
verified publisher icon mattn

Implementing sqlite3_key sqlite3_rekey

Open x0d3r opened this issue 10 years ago • 6 comments

I am looking for an implementation of the following encryption layers

#ifdef SQLITE_HAS_CODEC
/*
** Specify the key for an encrypted database.  This routine should be
** called right after sqlite3_open().
**
*/
SQLITE_API int sqlite3_key(
  sqlite3 *db,                   /* Database to be rekeyed */
  const void *pKey, int nKey     /* The key */
);
SQLITE_API int sqlite3_key_v2(
  sqlite3 *db,                   /* Database to be rekeyed */
  const char *zDbName,           /* Name of the database */
  const void *pKey, int nKey     /* The key */
);

/*
** Change the key on an open database.  If the current database is not
** encrypted, this routine will encrypt it.  If pNew==0 or nNew==0, the
** database is decrypted.
**
*/
SQLITE_API int sqlite3_rekey(
  sqlite3 *db,                   /* Database to be rekeyed */
  const void *pKey, int nKey     /* The new key */
);
SQLITE_API int sqlite3_rekey_v2(
  sqlite3 *db,                   /* Database to be rekeyed */
  const char *zDbName,           /* Name of the database */
  const void *pKey, int nKey     /* The new key */
);

/*
** Specify the activation key for a SEE database.  Unless 
** activated, none of the SEE routines will work.
*/
SQLITE_API void sqlite3_activate_see(
  const char *zPassPhrase        /* Activation phrase */
);
#endif

And add the following methods:

db, err := sql.Open("sqlite3", "hostxs","key")

db, err := sql.SetDatabaseKey("sqlite3", "hostxs","key")

x0d3r avatar Apr 25 '15 15:04 x0d3r

sql.Open is interface of database/sql so I will not provide such unction that take three arguments. However, I may be possible to support query parameter that add the feature. For example:

db, err := sql.Open("sqlite3", "foo.db?_key=XXX")

mattn avatar Apr 27 '15 00:04 mattn

Totally agree, thanks for your time

x0d3r avatar Apr 27 '15 01:04 x0d3r

I'm thinking about implementing those call in a golang CGO header and redirect to golang function which uses Golang Native AES encryption which means no dependency on OpenSSL. @x0d3r we should implement the DSN _key option when you are binding this package to a SQLite which is compiled with HAS_CODEC and provides an implementation.

gjrtimmer avatar Jun 12 '18 12:06 gjrtimmer

Were these function calls ever implemented?

ivincent6 avatar Oct 23 '19 23:10 ivincent6

I'm thinking about implementing those call in a golang CGO header and redirect to golang function which uses Golang Native AES encryption which means no dependency on OpenSSL. @x0d3r we should implement the DSN _key option when you are binding this package to a SQLite which is compiled with HAS_CODEC and provides an implementation.

implementing those call in a golang CGO header and redirect to golang function which uses Golang Native AES encryption

Is it done yet?

barats avatar Sep 06 '22 01:09 barats

I have implemented support for these functions through SQLCipher in the following PR: https://github.com/mattn/go-sqlite3/pull/1109. It does depend on OpenSSL at this stage, but it's probably better than not having encryption support at all.

jgiannuzzi avatar Nov 22 '22 15:11 jgiannuzzi