SQLiteCpp icon indicating copy to clipboard operation
SQLiteCpp copied to clipboard
verified publisher icon SRombauts

Support different encryption libraries

Open jowr opened this issue 3 years ago • 5 comments

By default, SQLiteCpp support SQLCipher for encrypting a database and it is very difficult to integrate other SQLite3 libraries. The changes from this PR improve this situation and make it easier to integrate other SQLite3 implementations in the future.

The code has been tested with SQLite3MultipleCiphers which has to be built separately. It can be found afterwards by setting the SQLITE3MULTIPLECIPHERS_DIR variable in SQLiteCpp or within the project that includes SQLiteCpp.

Please do not hesitate to ask for further changes.

jowr avatar Dec 13 '22 09:12 jowr

Hi @jowr , I just want to be sure that the changes to CMakeLists.txt are:

  • check that sqlcipher is included and define SQLITECPP_USE_SQLITE3MULTIPLECIPHERS if enabled
  • check that SQLite3MultipleCiphers is included and define SQLITECPP_USE_SQLCIPHER if enabled
  • check that cannot be more than one encryption library at the same time So I can add this functionality to the meson project in case it gets merged

UnixY2K avatar Dec 20 '22 01:12 UnixY2K

  • check that sqlcipher is included and define SQLITECPP_USE_SQLITE3MULTIPLECIPHERS if enabled
  • check that SQLite3MultipleCiphers is included and define SQLITECPP_USE_SQLCIPHER if enabled

Actually, it is the other way round - SQLITECPP_USE_SQLITE3MULTIPLECIPHERS relates to using SQLite3MultipleCiphers and SQLITECPP_USE_SQLCIPHER switches to sqlcipher.

Furthermore the user should set the options SQLITECPP_USE_SQLITE3MULTIPLECIPHERS or SQLITECPP_USE_SQLCIPHER to express their intention of using one or the other. The compile flags are then set accordingly. Both libraries also set the SQLITE_HAS_CODEC compile flag. By default, the two encryption libraries are disabled and the internal SQLite version is enabled via the option SQLITECPP_INTERNAL_SQLITE.

  • check that cannot be more than one encryption library at the same time

That is correct. I use the alias target SQLite::SQLite3 to determine whether SQLite3 has been found. The script throws an error if the target exists and you try to enable another SQLite3 implementation.

In case all implementations are disabled, the script tries to find the default SQLite::SQLite3 on your system.

jowr avatar Dec 20 '22 09:12 jowr

  • check that sqlcipher is included and define SQLITECPP_USE_SQLITE3MULTIPLECIPHERS if enabled
  • check that SQLite3MultipleCiphers is included and define SQLITECPP_USE_SQLCIPHER if enabled

Actually, it is the other way round - SQLITECPP_USE_SQLITE3MULTIPLECIPHERS relates to using SQLite3MultipleCiphers and SQLITECPP_USE_SQLCIPHER switches to sqlcipher.

thanks, yes that was a typo from my side.

By default, the two encryption libraries are disabled and the internal SQLite version is enabled via the option SQLITECPP_INTERNAL_SQLITE

as for the libraries, is it required to use the internal implementation or there is no issue if we use the system provided?, mainly because on meson the dependencies are handled differently so the implementation might be somewhat different if that is the case

UnixY2K avatar Dec 20 '22 23:12 UnixY2K

No, there should be no problem using the system SQLite3 as long as you disable the internal implementation. This behaviour is unchanged compared to how it works today.

image

jowr avatar Jan 11 '23 11:01 jowr