OpenDBX

for Project:

Open Database abstraction layer

Register as a new user

Task #31 — SqlCipher backend - encrypted Sqlite3

Attached to Project — OpenDBX
Opened by S Allmann (sallmann) - Sunday, 25 Apr 2010, 6:53pm
Last edited by Norbert Sendetzky (nose) - Monday, 26 Apr 2010, 8:34am
Feature Request Low
Library Normal
New 1.4.x
No-one Undecided
All 0% complete
There's an API compatible version of Sqlite3 with "on-the-fly" encryption: http://www.zetetic.net/software/sqlcipher/

The /usr/lib/sqlite3.so may be replaced with this in order to use encrypted database support. Perhaps there is someone able to implement the sqlite3_key(), sqlite3_rekey(), ... functions to a new sqlcipher-backend.

Hope someone will be able to get sqlcipher working correctly with OpenDBX as using 'PRAGMA key="xxx"' leads to some memory leaks, at least what I experienced here on my dev system using valgrind.

Comments (1) | Attachments (0) | Related Tasks (0/0) | Notifications (1) | Reminders (0) | History |

Date User Event
Monday, 26 Apr 2010, 8:41am Norbert Sendetzky (nose) Comment edited (Comment by Norbert Sendetzky (nose) - Monday, 26 Apr 2010, 8:40am)
Previous value New value
Hi Stefan

It should be possible to hand over the keys using odbx_set_option() and execute sqlite_key() in the odbx_sqlite_bind() method if a key was set. The existing sqlite3 backend can be extended this way (using conditional compilation) without the need of implementing a new backend. Unfortunately, the key is not allowed to contain " " characters as odbx_set_option() doesn't support an additional size parameter. Also not sure about the sqlite_rekey() function.


Norbert
Hi Stefan

It should be possible to hand over the keys using odbx_set_option() and execute sqlite_key() in the odbx_sqlite_bind() method if a key was set. The existing sqlite3 backend can be extended this way (using conditional compilation) without the need of implementing a new backend. Unfortunately, the key is not allowed to contain "zero byte" characters as odbx_set_option() doesn't support an additional size parameter. Also not sure about the sqlite_rekey() function.


Norbert