op-sqlite icon indicating copy to clipboard operation
op-sqlite copied to clipboard
verified publisher icon OP-Engineering

[Question]: libsql encryption support

Open kingjack05 opened this issue 11 months ago • 10 comments

Hi! First of all, thanks for the amazing work!

I'm interested in using opsqlite with libsql for a personal project and I'm wondering if the docs here are incorrect as per libsql documentation, they do support encryption at rest.

kingjack05 avatar Jan 09 '25 05:01 kingjack05

no, they are not wrong. The binary that is compiled currently does not support encryption due to some technical constraints. Maybe some day in the future when someone sponsors the work.

ospfranco avatar Jan 09 '25 05:01 ospfranco

OK, thanks for answering!

kingjack05 avatar Jan 09 '25 09:01 kingjack05

Going to leave this open for folks that ask about it.

ospfranco avatar Jan 09 '25 09:01 ospfranco

@ospfranco: can I ask for more details regarding the technical constraints?

Is this comment on the PR introducing React Native support to libSQL related?

  • Encryption seems to be compiling sqlcipher (?) via cmake, which also includes OpenSSL flags, the problem the compilation step is hard to integrate with Android (and that's why I had to disable it). Someone else that knows the internals of libsql should give it a try.

winghouchan avatar May 16 '25 15:05 winghouchan

Well, the bullet point describes the issue. Encryption required to compile openSSL for sqlcipher/libsql with cmake... could not get it to work, because it's complex

ospfranco avatar May 16 '25 15:05 ospfranco

@ospfranco: thanks for confirming the comment in the referenced PR is related to your comment in this issue.

Do you have more details on the compilation issue? What changes did you try? What specific errors did you experience? Perhaps you have notes documenting your attempt or a WIP branch?

I'm asking because I made an attempt at resolving this issue and was able to get successful builds for both libSQL and the OP SQLite Example App and tests passing in the OP SQLite Example App. "Successful" was italicised because I'm not familiar with libSQL or OP SQLite internals, and Android, iOS, C, Rust, or their build systems; so I have no idea if what I experienced actually verifies things were successful. Would you be able to take a look and give some feedback? Here's a diff.

winghouchan avatar May 17 '25 15:05 winghouchan

No idea about the libsql internals, the turso folks will have to take a look into it.

ospfranco avatar May 17 '25 15:05 ospfranco

@ospfranco: ok, thanks. I've opened a PR here: https://github.com/tursodatabase/libsql/pull/2070. Appreciate any feedback, if you have any.

winghouchan avatar May 18 '25 13:05 winghouchan

https://github.com/tursodatabase/libsql/issues/1384 also has relevant information regarding the root cause of the compilation issue.

winghouchan avatar May 18 '25 15:05 winghouchan

I think the Turso folks are full on board their Rust re-write, maybe there is no appetite to get this working at this point of the lifetime of libsql. Cannot say anything about the compilation of sqlcipher. If they approve the PR then I can see about merging it in op-sqlite.

ospfranco avatar May 19 '25 12:05 ospfranco