FAQ
Hi, Dmitri,

sorry but I don't think it's a good idea to apply your patch
right now. I haven't tested it yet, but SQLCipher's README
says 1) building via 'amalgamation' isn't supported, 2) we must
define SQLITE_HAS_CODEC, 3) we need to link against a OpenSSL's
libcrypt iwth sha256 support. That means, if we want to enable
it, we also need those libraries (i.e. we also need to patch
Makefile.PL etc). And the SQLCipher's license looks like a bit
obscure, private one, which might not fit for a CPAN module.

Besides, you can freely issue PRAGMA (re)key="something" without
this patch. DBD::SQLite certainly ignores a password, but it's
derived from the DBI's API. I don't think it's a good idea to
use it in other way.

Thanks,

Kenichi

On Tue, 18 Aug 2009 07:30:33 -0700 (PDT), Dmitri Tikhonov wrote:

Hello,

I have been working with SQLCipher [1] and I have noticed that DBD::SQLite does not work out of the box with it. In order to use an encrypted database, the first thing that should happen is to issue a pragma that specifies the key to decrypt pages. I modified the login function (the patch is attached) to use the password, if set, as the key.

I was hoping this (or a modified, but equivalent) change could be made to the main line: it should not break existing code and will make DBD::SQLite work with SQLCipher.

- Dmitri.

1. "SQLCipher is an open source extension that provides transparent encryption of SQLite databases. Data pages are encrypted before being written to storage and decrypted on read." http://www.zetetic.net/software/sqlcipher/



Index: dbdimp.c
===================================================================
--- dbdimp.c (revision 31)
+++ dbdimp.c (revision 32)
@@ -106,6 +106,28 @@

sqlite3_busy_timeout(imp_dbh->db, SQL_TIMEOUT);

+ if (pass) {
+ /* If password is set, issue pragma to decrypt the database. Works
+ * with SQLCipher.
+ */
+ char pragma[0x100];
+ if (snprintf(pragma, sizeof(pragma), "PRAGMA key='%s'", pass) >=
+ sizeof(pragma))
+ {
+ sqlite_error(dbh, (imp_xxh_t*)imp_dbh, 1,
+ strdup("password too long"));
+ return FALSE;
+ }
+
+ if ((retval = sqlite3_exec(imp_dbh->db, pragma, NULL, NULL, &errmsg))
+ != SQLITE_OK)
+ {
+ /* warn("failed to set pragma: %s\n", errmsg); */
+ sqlite_error(dbh, (imp_xxh_t*)imp_dbh, retval, errmsg);
+ return FALSE;
+ }
+ }
+
if ((retval = sqlite3_exec(imp_dbh->db, "PRAGMA empty_result_callbacks = ON",
NULL, NULL, &errmsg))
!= SQLITE_OK)
_______________________________________________
DBD-SQLite mailing list
DBD-SQLite@lists.scsys.co.uk
http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/dbd-sqlite

Search Discussions

Discussion Posts

Previous

Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 2 of 3 | next ›
Discussion Overview
groupdbd-sqlite @
postedAug 18, '09 at 2:30p
activeAug 18, '09 at 5:07p
posts3
users2
websiteshadowcat.co.uk

People

Translate

site design / logo © 2021 Grokbase