[DBD-SQLite] Adding support for SQLCipher.

Kenichi Ishigaki kishigaki at gmail.com
Tue Aug 18 16:48:52 GMT 2009 

Hi, Dmitri,

sorry but I don't think it's a good idea to apply your patch
right now. I haven't tested it yet, but SQLCipher's README
says 1) building via 'amalgamation' isn't supported, 2) we must
define SQLITE_HAS_CODEC, 3) we need to link against a OpenSSL's
libcrypt iwth sha256 support. That means, if we want to enable
it, we also need those libraries (i.e. we also need to patch
Makefile.PL etc). And the SQLCipher's license looks like a bit
obscure, private one, which might not fit for a CPAN module.

Besides, you can freely issue PRAGMA (re)key="something" without
this patch. DBD::SQLite certainly ignores a password, but it's
derived from the DBI's API. I don't think it's a good idea to
use it in other way.

Thanks,

Kenichi


On Tue, 18 Aug 2009 07:30:33 -0700 (PDT), Dmitri Tikhonov <dtikhonov at yahoo.com> wrote:

>Hello,
>
>I have been working with SQLCipher [1] and I have noticed that DBD::SQLite does not work out of the box with it.  In order to use an encrypted database, the first thing that should happen is to issue a pragma that specifies the key to decrypt pages.  I modified the login function (the patch is attached) to use the password, if set, as the key.
>
>I was hoping this (or a modified, but equivalent) change could be made to the main line: it should not break existing code and will make DBD::SQLite work with SQLCipher.
>
>  - Dmitri.
>
>1. "SQLCipher is an open source extension that provides transparent encryption of SQLite databases. Data pages are encrypted before being written to storage and decrypted on read."  http://www.zetetic.net/software/sqlcipher/
>
>
>
>

>Index: dbdimp.c
>===================================================================
>--- dbdimp.c	(revision 31)
>+++ dbdimp.c	(revision 32)
>@@ -106,6 +106,28 @@
>
>     sqlite3_busy_timeout(imp_dbh->db, SQL_TIMEOUT);
>
>+    if (pass) {
>+        /* If password is set, issue pragma to decrypt the database.  Works
>+         * with SQLCipher.
>+         */
>+        char pragma[0x100];
>+        if (snprintf(pragma, sizeof(pragma), "PRAGMA key='%s'", pass) >=
>+            sizeof(pragma))
>+        {
>+            sqlite_error(dbh, (imp_xxh_t*)imp_dbh, 1,
>+                         strdup("password too long"));
>+            return FALSE;
>+        }
>+
>+        if ((retval = sqlite3_exec(imp_dbh->db, pragma, NULL, NULL, &errmsg))
>+            != SQLITE_OK)
>+        {
>+            /*  warn("failed to set pragma: %s\n", errmsg); */
>+            sqlite_error(dbh, (imp_xxh_t*)imp_dbh, retval, errmsg);
>+            return FALSE;
>+        }
>+    }
>+
>     if ((retval = sqlite3_exec(imp_dbh->db, "PRAGMA empty_result_callbacks = ON",
>         NULL, NULL, &errmsg))
>         != SQLITE_OK)

>_______________________________________________
>DBD-SQLite mailing list
>DBD-SQLite at lists.scsys.co.uk
>http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/dbd-sqlite

More information about the DBD-SQLite mailing list