sqlite icon indicating copy to clipboard operation
sqlite copied to clipboard

Published 20 hours ago verified publisher icon crawshaw

Add support for SQLeet full database encryption

Open alinz opened this issue 4 years ago • 12 comments

This is a PR related to issue https://github.com/crawshaw/sqlite/issues/92.

alinz avatar Jun 14 '20 21:06 alinz

@alinz I pushed a rather large commit that gets everything working as I'd like using build tags. The last things to add are some more package level and README docs about this feature. I'm probably going to add those things next weekend and likely merge it if I don't hear any objections from @crawshaw before then. I'll also deal with the conflicts with master next weekend as well.

Thanks for getting the ball rolling on this. This also lays the groundwork for adding support for SQLCipher as well if someone wants to go that route.

AdamSLevy avatar Jun 21 '20 23:06 AdamSLevy

@alinz you don't need to do anything. I already merged master into this branch. It's good to go. Let me know if it doesn't work for you after you pull.

AdamSLevy avatar Jun 22 '20 05:06 AdamSLevy

I see you fixed the import. Thanks.

AdamSLevy avatar Jun 22 '20 05:06 AdamSLevy

@AdamSLevy I will revert my change. This is funny, both of us were trying to fix the same issue 🤣

alinz avatar Jun 22 '20 05:06 alinz

@AdamSLevy There is only one small issue, The version of sqlite3 in sqleet is 3.31.1 but the actual sqlite3 is 3.32.2. I did try to compile sqleet to the latest sqlite3, but wasn't be able to compile and rebuild rekeyvacuum.c. If version difference is not that important, I can defer it to later.

Amazing job, thanks for pushing this forward.

alinz avatar Jun 22 '20 05:06 alinz

@alinz why did you revert that change? It was needed and you pushed it first. It's all good when that happens. My commit would have looked identical to yours, and if there had been issues they can always be fixed. Anyway I've merge master to this branch again, which contains that fix. So you don't need to do anything. But in the future please don't un-fix things you just fixed :)

The version of sqlite3 in sqleet is 3.31.1 but the actual sqlite3 is 3.32.2.

This is OK. If you run go build it will use the latest release of SQLite3: 3.32.2. If you run go build -tags=sqleet it will build with the latest version of SQLeet: 0.31.1. When SQLeet releases version 0.32.2 then I'll update the SQLeet C code. If you want to build the SQLeet amalgamation C file against the latest SQLite release, you are welcome to maintain that in your own fork, but I'm not going to support that for the main branch.

I did try to compile sqleet to the latest sqlite3, but wasn't be able to compile and rebuild rekeyvacuum.c

I don't understand what you're talking about here. There is no such file on this branch or in this repo.

AdamSLevy avatar Jun 22 '20 05:06 AdamSLevy

The reason I reverted it was because my change caused an unnecessary merge conflicts. I was using multiple imports, you were using single import.

I had to be more descriptive about the last problem, I was talking about sqleet's main repo. I was trying to build it from source so I could put the amalgamation C file into this project. I guess I will wait until they support it.

alinz avatar Jun 22 '20 06:06 alinz

So I am afraid after doing more research on updating sqleet to the latest sqlite version I am going to hold off on merging this PR. I'm going to leave it open though as it works for the latest version of sqleet. https://github.com/resilar/sqleet/issues/38

The reason is that there is currently no way for sqleet to support versions of sqlite3 past 3.32.0 because of some internal changes to sqlite. I don't want to steer users of this package towards adopting an encryption library that is not currently supported.

I am interested in finding the right encryption extension. It's likely that SQLcipher will eventually get a work around to this, but that will take some time. It's possible sqleet will adapt at some point in the future. but I don't want to merge this quite yet. Another promising project is here: https://utelle.github.io/SQLite3MultipleCiphers/

I haven't totally ruled out merging this PR yet, I'm just not ready to pull the trigger. I want to give these other projects some time to adapt to SQLite's latest changes.

I do plan to port some of the work I did in this PR to make it easier to control how SQLite is compiled. It is a goal to allow users of this package to link against a shared system library for SQLite instead of compiling it in. The work in the branch lays the groundwork for some of that.

AdamSLevy avatar Jun 27 '20 21:06 AdamSLevy

@AdamSLevy I believe SQLite3MultipleCiphers has released first major version which support new version of sqlite interface.

The new release can be found here: https://github.com/utelle/SQLite3MultipleCiphers/releases/tag/v1.0.0

Let me know if you need any help on my end.

alinz avatar Aug 27 '20 19:08 alinz

That's awesome. I'm probably not going to have time to work on this few a couple weeks at least. But I will eventually take a look.

AdamSLevy avatar Aug 27 '20 19:08 AdamSLevy

@AdamSLevy I'd like to help to push this forward. I just need some guidance on your plan.

alinz avatar Oct 05 '20 19:10 alinz

@AdamSLevy happy new year, just wanted to see if you plan to work on this, or anything I can do to help you on this

alinz avatar Dec 31 '20 17:12 alinz