Open talmeme opened 3 months ago
I have a working integration, with corresponding SQLite-Kit and Fluent SQLite driver.
And a demo. Tested working on macOS Sonoma aarch64 and Ubuntu 22.04 aarch64 with Swift v5.10.
If this can be achieved using Swift Crypto we can probably looking at merging it. Otherwise it's probably a no go
If this can be achieved using Swift Crypto we can probably looking at merging it. Otherwise it's probably a no go
SQLcipher is implemented in C using SQLite's deprecated codec
hooks and compiled together with SQLite's C source. This likely precludes using Swift Crypto to implement an SQLcipher crypto provider.
An alternative approach is to use SQLite's VFS mechanism, as is done by SQLite3MultipleCiphers. Not sure how feasible to implement an SQLite VFS in Swift.
I'll let Gwynne chime in when she's back as she knows this far better than I do. The main issue is the inclusion of a system dependency on tomcrypt which complicates a number of things, including the fact that it hasn't had a release in 6 years and I find it very hard to believe there haven't been any security issues in that time.
OpenSSL is probably the only possibility if we need to link against something, but again, its a bulky library and another dependency that's required regardless of whether you're using it or not
I agree on tomcrypt. I use it because that's what Skip does, so I started with something known working.
I now see that it is easy to link SQLcipher with OpenSSL. BoringSSL works too, although, as you have mentioned, BoringSSL doesn't have stable API and usually needs to be built from source.
Updates:
SQLcipher is a standalone fork of the SQLite database library that adds 256 bit AES encryption of database files and other security features like:
SQLcipher uses one of CommonCrypto, libtomcrypt, NSS and OpenSSL for crypto functionality.