utelle / SQLite3MultipleCiphers

SQLite3 encryption extension with support for multiple ciphers
https://utelle.github.io/SQLite3MultipleCiphers/
MIT License

How correctly change the cipher scheme in Linux #95

Closed Zapotecatl closed 1 year ago

Zapotecatl commented 1 year ago

Hi, the section Default Settings says this:

"Currently the cipher scheme sqleet: ChaCha20 is set as the default. However, this can be changed by setting the preprocessor symbol CODEC_TYPE to one of the values listed in the following table"

I want to use CODEC_TYPE_AES128. My platform is Ubuntu.

I have tried with this:

./configure CFLAGS="-DSQLITE_HAS_CODEC -DCODEC_TYPE=CODEC_TYPE_AES128"

It looks like this works.

Also I have tried with:

../configure --with-aes128cbc CODEC_TYPE=Yes

It looks like this works.

Or maybe it is something like this (I have not tested this code, I read the multiple ciphers documentation and I think my main program could be like this):

#include <stdio.h>
#include <string.h>
#include "sqlite3mc.h"

#ifndef SQLITE_HAS_CODEC
#define SQLITE_HAS_CODEC
#endif
#ifndef CODEC_TYPE
#define CODEC_TYPE CODEC_TYPE_AES128
#endif

int main(){
  int rc;
  sqlite3 *db;
  sqlite3_stmt *stmt;
  char *password = "demo";

  rc = sqlite3_open("demo.db", &db);
  if(rc != SQLITE_OK){
    printf("failed to open database\n");
  }
  rc = sqlite3_key(db, password, strlen(password));
  if(rc != SQLITE_OK){
    printf("failed to key database\n");
  }
  rc = sqlite3_exec(db, "create table if not exists version(version_id integer primary key);", 0, 0, NULL);
  if(rc != SQLITE_OK){
    printf("failed to create version table\n");
  }
  rc = sqlite3_exec(db, "insert into version(version_id) values(5);", 0, 0, NULL);
  if(rc != SQLITE_OK){
    printf("failed to insert data into version table\n");
  }
  if(db != NULL){
    sqlite3_close(db);
  }
}

Please, could you tell me what is the correct way to configure the cipher scheme for AES 128?

utelle commented 1 year ago

> Hi, the section Default Settings says this:
>
> "Currently the cipher scheme sqleet: ChaCha20 is set as the default. However, this can be changed by setting the preprocessor symbol CODEC_TYPE to one of the values listed in the following table"

The preprocessor symbol CODEC_TYPE defines which cipher scheme will be used, if a cipher scheme was not explicitly selected at runtime. If a non-default cipher scheme should be used, it is necessary to issue a PRAGMA cipher= command naming the requested cipher scheme.

> I want to use CODEC_TYPE_AES128. My platform is Ubuntu.

If you want to make this cipher scheme the default one, you can simply define the preprocessor symbol CODEC_TYPE accordingly ...

> I have tried with this:
>
> ./configure CFLAGS="-DSQLITE_HAS_CODEC -DCODEC_TYPE=CODEC_TYPE_AES128"

... as you did above. However, setting SQLITE_HAS_CODEC has no effect, unless your own code makes use of that symbol. That is, the following command will be sufficient:

./configure CFLAGS="-DCODEC_TYPE=CODEC_TYPE_AES128"

> Also I have tried with:
>
> ../configure --with-aes128cbc CODEC_TYPE=Yes
>
> It looks like this works.

Not sure what happens. My guess is that it's pure luck that it works.

Some developers want to create a smaller executable by excluding the code for the cipher schemes they don't want to use. For this purpose the configure option --without-<scheme> can be used where <scheme> can have the values aes128cbc, aes256cbc, chacha20, sqlcipher, or rc4. In any case the symbol CODEC_TYPE should be set to the actually requested default cipher scheme.

> Or maybe it is something like this (I have not tested this code, I read the multiple ciphers documentation and I think my main program could be like this):

This will not work. The default cipher scheme needs to be specified when compiling the library itself, not the code using the library.

> Please, could you tell me what is the correct way to configure the cipher scheme for AES 128?

Your first mentioned approach is the right one.
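The runtime alternative mentioned in the reply above (PRAGMA cipher= for a non-default scheme), as an added example that is not part of the original thread or the project's own code. It assumes a library built with the stock default (sqleet: ChaCha20), the cipher name aes128cbc as listed in the reply, and a constructed database and passphrase ("demo").

```sql
-- Session on a freshly opened connection to demo.db (constructed file name),
-- using a library whose compiled-in default is still sqleet: ChaCha20.

-- 1. Select the cipher scheme for this connection BEFORE supplying the key.
--    If this is skipped, the key below is applied with the compiled-in
--    default scheme instead of AES-128.
PRAGMA cipher = 'aes128cbc';

-- 2. Supply the passphrase (constructed value; use a real secret in practice).
PRAGMA key = 'demo';

-- 3. Force a read of the database. The key is only checked when pages are
--    actually read, so a wrong key or wrong cipher scheme surfaces here
--    as "file is not a database" rather than at step 2.
SELECT count(*) FROM sqlite_master;

-- 4. Normal use once the check above succeeds.
CREATE TABLE IF NOT EXISTS version(version_id INTEGER PRIMARY KEY);
INSERT INTO version(version_id) VALUES (5);
SELECT version_id FROM version;

-- Each later connection has to repeat steps 1 and 2 in the same order,
-- unless the library itself was built with
--   -DCODEC_TYPE=CODEC_TYPE_AES128
-- in which case step 1 can be dropped.
```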

Zapotecatl commented 1 year ago

@utelle thanks a lot!