phamtanlong / csharp-sqlite

Automatically exported from code.google.com/p/csharp-sqlite
Other
0 stars 0 forks source link

Encryption is not implemented in C#SQLite client connection and command objects #76

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
You have ported the crypto.cs file over to C#, but this is not used anywhere in 
the project. The original SQLite understands the connection string keyword 
"password" but the current SqliteConnectionStringBuilder.cs has no mention of 
it. (As a sidenote there are other keywords that are not implemented are: 
FailIfMissing, Synchronous, Pooling)

Please consider at least supporting encryption! Thanks!

Original issue reported on code.google.com by nicholas...@gmail.com on 13 Aug 2010 at 12:30

GoogleCodeExporter commented 8 years ago
See CompilerOptions

Basically, you need to compile with the option SQLITE_HAS_CODEC, and that will 
turn on the encryption routines

Original comment by noah.hart@gmail.com on 13 Aug 2010 at 1:26

GoogleCodeExporter commented 8 years ago
This compilation option is already enabled. I think you missed my point :P
The routines are there but the connection string builder (and thus subsequently 
everything else) ignore the presence of encryption routines and make no use of 
these at all. I'm talking about the sqlite client connection and command 
objects etc.

Original comment by nicholas...@gmail.com on 13 Aug 2010 at 1:32

GoogleCodeExporter commented 8 years ago
Please re-open this issue, as I think the initial question was misunderstood. 
Thanks!

Original comment by nicholas...@gmail.com on 13 Aug 2010 at 1:54

GoogleCodeExporter commented 8 years ago
Any volunteers to make these changes?  I think a new Mono client is coming, 
we'll have to see what that brings.

Original comment by noah.hart@gmail.com on 13 Aug 2010 at 3:25

GoogleCodeExporter commented 8 years ago
From what I can see the keyword support is very limited (actually this project 
supports Encoding while the Mono client doesn't).
http://www.mono-project.com/SQLite

I'll see if I have enough time to try to sort encryption out.

Original comment by nicholas...@gmail.com on 13 Aug 2010 at 4:03

GoogleCodeExporter commented 8 years ago
If I understood correctly your question, you said that no crypto routines are 
used? To use them and after opening the database file, you should issue a 
PRAGMA hexkey with the passphrase in hexa. hexkey is expecting a key like this 
as a parameter  "0x0102030405060708090a0b0c0d0e0f10".

If the database file is empty, the new database will be encrypted. If the 
database file exists, it will be decoded with the key supplied. If key is 
incorrect, sqlite will fail to find the needed structures in the decoded pages.

Original comment by diego.to...@gmail.com on 17 Aug 2010 at 11:12

GoogleCodeExporter commented 8 years ago
However, if you are expecting to encrypt connections to the ado provider, this 
is not the purpose of the crypto routines.

Original comment by diego.to...@gmail.com on 17 Aug 2010 at 11:13

GoogleCodeExporter commented 8 years ago
Hi Diego, thanks for this. The aim is to emulate the sqlite way of doing 
things, i.e. attach a "Password=xxxxx" to the connection string and expect to 
do things the way you described.

Original comment by nicholas...@gmail.com on 18 Aug 2010 at 8:33

GoogleCodeExporter commented 8 years ago
how to use PRAGMA hexkey is with parameter  
"0x0102030405060708090a0b0c0d0e0f10" 

any sample 

Original comment by valon.hoti on 3 Mar 2011 at 7:54

GoogleCodeExporter commented 8 years ago
@valon -- The hexkey is your 34 character hex string key starting with 0x

Simply execute the following:

      cmd.CommandText = "PRAGMA hexkey='0x0102030405060708090a0b0c0d0e0f10';";
      cmd.ExecuteNonQuery();

Original comment by noah.hart@gmail.com on 7 Mar 2011 at 12:05

GoogleCodeExporter commented 8 years ago
This issue was closed by revision 9d11b5b129.

Original comment by noah.hart@gmail.com on 7 Mar 2011 at 12:37