sqlcipher or any encryption

[alinz]

Is there any roadmap to use/port in sqlcipher or any other encryptions into this library?

[AdamSLevy]

No plans yet but thanks for putting it on my radar.

From my first look at sqlcipher I'm not sure it's a good idea to force this change on users. I would be open to an approach that used build tags to select whether sqlcipher is used. Basically an opt in feature.

If this is something you are interested in spearheading I would be grateful for the contribution.

[alinz]

I've been searching around and I found bunch of other implementations regarding the stream cipher, and I found this, It's by far simplest and smallest compare to others but I'm a little bit worried about protocol and implementation of that. Most of the case, people should not write their own crypto package.

I'd would love to help to push this forward but I need some guidance, maybe some documentation on how to integrate cipher into sql and let user decide what they want to use.

[alinz]

Hello @AdamSLevy,
During pass 2 days I was trying to port sqleet back to this and the result is here:
https://github.com/alinz/sqlite/tree/encryption

There are couple of issues:
1: new version of Sqlite3 has some api changes which requires deeper touch on c files and go files, that's why I had to go back to 3.31.1 version, which is fine for now.
2: I got the some part of the code working, I can encrypt the file, but upon opening it, sqlite driver error out:

sqlite.Conn.Prepare: SQLITE_NOTADB: file is not a database (PRAGMA journal_mode=wal;)

This is as far as I can go since I don't have a deep knowledge of this library and I was hoping you can guide me through this.

[AdamSLevy]

@alinz

Awesome work. Thank you. I took a closer look at both projects. I personally prefer sqlcipher as it seems like a more mature project. That being said, the techniques required to support either are going to be very similar, and they even use the exact same C API, which allows for the Go code to not change no matter which extension is selected.

Are you familiar with Go build tags? This is the technique I would like to use to allow for conditional compilation of these features. For example if a user wanted to use SQLeet, they'd use a tag in their build like so:

go build -tags sqleet

If you're not familiar these articles are good,
https://www.digitalocean.com/community/tutorials/customizing-go-binaries-with-build-tags
https://dave.cheney.net/2013/10/12/how-to-use-conditional-compilation-with-the-go-build-tool

I took a close look at your branch. Will you please open a PR so we can more easily comment on and discuss code changes? There were a number of issues with the example code, and with how you were setting the key, but ultimately I got it working. If you open a PR, then I can push my changes and I will review your code with comments explaining some things I'd like to see in more detail.

2: I got the some part of the code working, I can encrypt the file, but upon opening it, sqlite driver error out:

sqlite.Conn.Prepare: SQLITE_NOTADB: file is not a database (PRAGMA journal_mode=wal;)

This is because by default this package creates databases in WAL mode which is a setting that must be read from the database header when opening an existing file. However the header is encrypted and so reading fails because the WAL mode option has not been read. This can be dealt with by using a URI that sets the key and the journal mode like this: file:./database.db?key=swordfish&journal_mode=wal.

See the section right above this linked section in the README: https://github.com/resilar/sqleet#uri-configuration-interface

Great work. This is looking really do-able and will be a great added feature.

[alinz]

@AdamSLevy Thank you for your support,
I have familiar with build tags and I like the idea of using it. I have made a PR so we can start the conversation there. The PR is far from ready for merge but with your help I can make it there.

Thanks