search

has-taiar / SQLite.Net.Cipher

An easy to use extension for SQLite.Net PCL that allows you to seamlessly encrypt/decrypt data when inserted/accessed from the database by adding one simple attribute. Works great on all major platforms (iOS, Android, Windows Universal)
http://www.hasaltaiar.com.au/sqlite-net-cipher-secure-your-data-on-all-mobile-platforms-seamlessly-and-effortlessly/
MIT License
24 stars 21 forks source link

Issue with PCLCrypto 2.0 library #5

Closed vhugogarcia closed 7 years ago

vhugogarcia commented 8 years ago

Hello friends,

I'm wondering if you plan to update this library to support the latest version of PCLCrypto, due when we update it it breaks the application.

Any help is always welcome.

Thanks

alexrainman commented 8 years ago

I forked this project and fixed 3 of the issues. I will release it to nuget.

vhugogarcia commented 8 years ago

Thanks @alexrainman Could you share the link of the new fork you released in nuget, please?

Is that fork compatible with PCLCrypto 2.0?

vhugogarcia commented 8 years ago

Hello @alexrainman I found the nuget package, however when I installed it I keep getting this error:

/Users/Demo/Services/LocalDatabase/Content/DemoManager.cs(82,82): Error CS1729: The type SQLite.Net.Cipher.Data.SecureDatabase' does not contain a constructor that takes2' arguments (CS1729) (Demo)

On this method:

public DemoManager(ISQLitePlatform platform, string dbfile) : base(platform, dbfile)
{

}

Any idea? Can I set the third parameter as null?

alexrainman commented 8 years ago

Because in my version there's not. You need to pass a third parameter with cryptoservice, that way SaltText is not hardcoded in the library anymore.

This is what i do in PCL:

public MySecureDatabase(ISQLitePlatform platform, string dbfile, ICryptoService cryptoservice) : base (platform, dbfile, cryptoservice)
{
}

protected override void CreateTables()
{
}

ISQLite.cs

ISecureDatabase GetSecureConnection(string saltText);

Then, in you platform specific ISQLite implementation:

public ISecureDatabase GetSecureConnection(string saltText)
{
    var path = CopyDatabase(); // in case you ship a pre-made sqlite db
    var plat = new SQLite.Net.Platform.XamarinIOS.SQLitePlatformIOS();
    return new MySecureDatabase(plat, path, new CryptoService(saltText)); // third parameter
}

Then use the thing:

using (var conn = DependencyService.Get<ISQLite>().GetSecureConnection(salttext)) 
{
    conn.SecureQuery<T>("SOME SQL", keySeed);
}

I used xamarin forms dependency service in the example but its exactly the same if you use any other dependency injection technique.

I usually save KeySeed and SaltText to KeyChain

private string KeySeed()
{
    var keychain = CrossKeyChain.Current.
    var keySeed = keychain.GetKey("KeySeed");
    if (string.IsNullOrEmpty(keySeed))
    {
        keySeed = CryptoService.GenerateRandomKey(128) // 16 for saltText
        keychain.SetKey("KeySeed", keySeed);
    }
    return keySeed;
}

Cheers!

vhugogarcia commented 8 years ago

Thanks @alexrainman that worked really good. Thanks for sharing that information and I'm glad you were able to remove the hardcoded salt it had before.

has-taiar commented 7 years ago

The dependencies have been updated and a new version has been pushed, so closing this issue