search

mattn / go-sqlite3

sqlite3 driver for go using database/sql
http://mattn.github.io/go-sqlite3
MIT License
7.66k stars 1.08k forks source link

Implementing sqlite3_key sqlite3_rekey #200

Open x0d3r opened 9 years ago

x0d3r commented 9 years ago

I am looking for an implementation of the following encryption layers

#ifdef SQLITE_HAS_CODEC
/*
** Specify the key for an encrypted database.  This routine should be
** called right after sqlite3_open().
**
*/
SQLITE_API int sqlite3_key(
  sqlite3 *db,                   /* Database to be rekeyed */
  const void *pKey, int nKey     /* The key */
);
SQLITE_API int sqlite3_key_v2(
  sqlite3 *db,                   /* Database to be rekeyed */
  const char *zDbName,           /* Name of the database */
  const void *pKey, int nKey     /* The key */
);

/*
** Change the key on an open database.  If the current database is not
** encrypted, this routine will encrypt it.  If pNew==0 or nNew==0, the
** database is decrypted.
**
*/
SQLITE_API int sqlite3_rekey(
  sqlite3 *db,                   /* Database to be rekeyed */
  const void *pKey, int nKey     /* The new key */
);
SQLITE_API int sqlite3_rekey_v2(
  sqlite3 *db,                   /* Database to be rekeyed */
  const char *zDbName,           /* Name of the database */
  const void *pKey, int nKey     /* The new key */
);

/*
** Specify the activation key for a SEE database.  Unless 
** activated, none of the SEE routines will work.
*/
SQLITE_API void sqlite3_activate_see(
  const char *zPassPhrase        /* Activation phrase */
);
#endif

And add the following methods:

db, err := sql.Open("sqlite3", "hostxs","key")

db, err := sql.SetDatabaseKey("sqlite3", "hostxs","key")
mattn commented 9 years ago

sql.Open is interface of database/sql so I will not provide such unction that take three arguments. However, I may be possible to support query parameter that add the feature. For example:

db, err := sql.Open("sqlite3", "foo.db?_key=XXX")
x0d3r commented 9 years ago

Totally agree, thanks for your time

gjrtimmer commented 6 years ago

I'm thinking about implementing those call in a golang CGO header and redirect to golang function which uses Golang Native AES encryption which means no dependency on OpenSSL. @x0d3r we should implement the DSN _key option when you are binding this package to a SQLite which is compiled with HAS_CODEC and provides an implementation.

ivincent6 commented 4 years ago

Were these function calls ever implemented?

barats commented 1 year ago

I'm thinking about implementing those call in a golang CGO header and redirect to golang function which uses Golang Native AES encryption which means no dependency on OpenSSL. @x0d3r we should implement the DSN _key option when you are binding this package to a SQLite which is compiled with HAS_CODEC and provides an implementation.

implementing those call in a golang CGO header and redirect to golang function which uses Golang Native AES encryption

Is it done yet?

jgiannuzzi commented 1 year ago

I have implemented support for these functions through SQLCipher in the following PR: https://github.com/mattn/go-sqlite3/pull/1109. It does depend on OpenSSL at this stage, but it's probably better than not having encryption support at all.