Troubleshooting cipher config setup

m4heshd / better-sqlite3-multiple-ciphers

better-sqlite3 with multiple-cipher encryption support 🔒

MIT License

137 stars 27 forks source link

Troubleshooting cipher config setup #61

Closed jeremyml closed 5 months ago

jeremyml commented 11 months ago

I am able to open a database using DB Browser for SQLite but not able to open the same database with the code below.

const db = require('better-sqlite3-multiple-ciphers')('database.db', sqliteOptions);
db.pragma(`cipher='sqlcipher'`);
db.pragma(`legacy=3`);
db.pragma("key='123465'");
var stmt = db.prepare('SELECT * FROM eventlog');

Gives me the error SqliteError: file is not a database

But DB Browser can successfully open the file with the same passphrase (see screenshot below).

db browser screenshot

This gives me the same error SqliteError: file is not a database

const db = require('better-sqlite3-multiple-ciphers')('database.db', sqliteOptions);
db.pragma(`cipher='sqlcipher'`);
db.pragma(`legacy=3`);
db.pragma(`legacy_page_size=1024`)
db.pragma(`kdf_iter=64000`)
db.pragma(`kdf_algorithm=0`)
db.pragma(`hmac_algorithm=0`)
db.pragma(`plaintext_header_size=0`)
db.pragma("key='123465'");

Can you offer any suggestions to change the code above or otherwise troubleshoot?

jeremyml commented 11 months ago

I think this has something to do with the way the password is being represented internally. Maybe numbers vs strings. I was able to connect when I setup a test database with a new password. I'm going to contact the vendor and see if we can change the password to something else.

m4heshd commented 11 months ago

I was able to connect when I setup a test database with a new password

Was this new database created with DB4S or better-sqlite3-multiple-ciphers? And with the same configuration you mentioned above?

jeremyml commented 11 months ago

I got it solved by changing the password to a mix of letters and numbers. For some reason an all-numeric password set by the vendor has strange behavior (I can type it into DB4S, but pasting does not work). I will close the ticket.

This database was created by a software company which makes a time clock for employees (see link below). We have an add-on application which helps manage the employee time for about 100 employees at this company. But after they started encrypting the database our app could no longer connect to the DB (and their API lacked the features we need).

https://www.ncheck.net/ncheck-bio-attendance/

Thank you for making this package! Other sqlite packages were so difficult to build with the ciphers, but this one is great. It literally makes the difference between abandoning our little app we made for this company vs continuing to use the app.

Running NodeJS on Ubuntu 22.04

m4heshd commented 11 months ago

I got it solved by changing the password to a mix of letters and numbers. For some reason an all-numeric password set by the vendor has strange behavior

Typically, if it's possible to decrypt the database using DB4S, it should be possible to do the same with bs3ms.

I did follow the link you provided. It seems that the service requires registration and more information. Any chance you could provide a copy of this problematic DB without any sensitive data in it?

This needs to be debugged against the upstream library and if there's an actual issue, it needs to be addressed. I'm reopening this issue till then.

Thank you for making this package! Other sqlite packages were so difficult to build with the ciphers, but this one is great.

My pleasure.

m4heshd commented 5 months ago

Closing this issue due to lack of response from the author.