Open talmeme opened 1 month ago
talmeme
commented
1 month ago I have a working integration, with corresponding SQLite-Kit and Fluent SQLite driver.
And a demo. Tested working on macOS Sonoma aarch64 and Ubuntu 22.04 aarch64 with Swift v5.10.
0xTim
commented
1 month ago If this can be achieved using Swift Crypto we can probably looking at merging it. Otherwise it's probably a no go
talmeme
commented
1 month ago If this can be achieved using Swift Crypto we can probably looking at merging it. Otherwise it's probably a no go
SQLcipher is implemented in C using SQLite's deprecated codec hooks and compiled together with SQLite's C source. This likely precludes using Swift Crypto to implement an SQLcipher crypto provider.
An alternative approach is to use SQLite's VFS mechanism, as is done by SQLite3MultipleCiphers. Not sure how feasible to implement an SQLite VFS in Swift.
0xTim
commented
1 month ago I'll let Gwynne chime in when she's back as she knows this far better than I do. The main issue is the inclusion of a system dependency on tomcrypt which complicates a number of things, including the fact that it hasn't had a release in 6 years and I find it very hard to believe there haven't been any security issues in that time.
OpenSSL is probably the only possibility if we need to link against something, but again, its a bulky library and another dependency that's required regardless of whether you're using it or not
talmeme
commented
1 month ago I agree on tomcrypt. I use it because that's what Skip does, so I started with something known working.
I now see that it is easy to link SQLcipher with OpenSSL. BoringSSL works too, although, as you have mentioned, BoringSSL doesn't have stable API and usually needs to be built from source.
talmeme
commented
1 month ago Updates:
SQLcipher is a standalone fork of the SQLite database library that adds 256 bit AES encryption of database files and other security features like:
SQLcipher uses one of CommonCrypto, libtomcrypt, NSS and OpenSSL for crypto functionality.