search

ncruces / go-sqlite3

Go bindings to SQLite using wazero
https://pkg.go.dev/github.com/ncruces/go-sqlite3
MIT License
499 stars 16 forks source link

Encryption extension #55

Closed ncruces closed 6 months ago

ncruces commented 9 months ago

Implementing: https://github.com/resilar/sqleet https://github.com/utelle/SQLite3MultipleCiphers

ncruces commented 6 months ago

Removal of SQLITE_HAS_CODEC has made this much harder than it had been.

Users that need vetted encryption should purchase the SQLite Encryption Extension. You'll have to build/embed SQLite yourself, but that shouldn't be hard.

I welcome any patches that wrap the additional SEE APIs, or sponsoring of a SEE license for me to do it myself.

Meanwhile, I'll probably work on a simpler approach that implements a VFS that uses Adiantum to do encryption at rest. This is strictly less secure than the above approach, for reasons stated in this article. Still, it's good enough for full disk, and filesystem, encryption on Linux/Android, so it should be good enough for many purposes.