Database Encryption (System.Data.SQLite)

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Database Encryption (System.Data.SQLite)

Mattock Paul
All,

Would anyone be able to confirm what cipher is used for encrypting an SQLite database when password="" is used?


I have seen old posts online which state its 128bit but assume this is now wrong and am after completing a design document which requires I state the encryption level.


Regards,

Tithras
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Database Encryption (System.Data.SQLite)

Jim Borden
From looking at the System.Data.SQLite source (someone please correct me if I am wrong)

It would use whatever cipher was provided to it via the native library that it was deployed with.  It's designed with sqlite encryption extension in mind but I suppose in theory it would work with any implementation that properly implements the sqlite3_key APIs / PRAGMAs.  As far as I can tell it is not a foregone conclusion in the C# as to what algorithm is used.

The one on Nuget just ships with the vanilla sqlite which has no encryption support.  Decompiling and searching for the sqlite3_key binding shows that it is not present in the library (which makes sense since it is guarded by an #if in the source base)

On 2019/04/01 18:27, "sqlite-users on behalf of Mattock Paul" <[hidden email] on behalf of [hidden email]> wrote:

    All,

    Would anyone be able to confirm what cipher is used for encrypting an SQLite database when password="" is used?


    I have seen old posts online which state its 128bit but assume this is now wrong and am after completing a design document which requires I state the encryption level.


    Regards,

    Tithras
    _______________________________________________
    sqlite-users mailing list
    [hidden email]
    http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users



Privacy Policy<http://www.couchbase.com/privacy-policy>
Marketing Preferences<http://info.couchbase.com/unsubscribe-or-manage-preferences>
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Database Encryption (System.Data.SQLite)

Mattock Paul
Jim,
Thanks for the information.

Just to confirm I am using the nuget package (System.Data.SQLite v1.0.109.2) and my sqlite database is encrypted without any additional modules associated with my release. A code snippet of the section which handles the initial database encryption is as follows:

using (SQLiteConnection localDBConnection = new SQLiteConnection(connection))
{
 localDBConnection.SetPassword("password");
 localDBConnection.Open();

 using (SQLiteCommand command = new SQLiteCommand(localDBConnection))
 {
  command.CommandText = createTableSNBuild;
  command.ExecuteNonQuery();
 }                    
}

Regards,
Tithras

> On 01 April 2019 at 12:52 Jim Borden <[hidden email]> wrote:
>
>
> From looking at the System.Data.SQLite source (someone please correct me if I am wrong)
>
> It would use whatever cipher was provided to it via the native library that it was deployed with.  It's designed with sqlite encryption extension in mind but I suppose in theory it would work with any implementation that properly implements the sqlite3_key APIs / PRAGMAs.  As far as I can tell it is not a foregone conclusion in the C# as to what algorithm is used.
>
> The one on Nuget just ships with the vanilla sqlite which has no encryption support.  Decompiling and searching for the sqlite3_key binding shows that it is not present in the library (which makes sense since it is guarded by an #if in the source base)
>
> On 2019/04/01 18:27, "sqlite-users on behalf of Mattock Paul" <[hidden email] on behalf of [hidden email]> wrote:
>
>     All,
>
>     Would anyone be able to confirm what cipher is used for encrypting an SQLite database when password="" is used?
>
>
>     I have seen old posts online which state its 128bit but assume this is now wrong and am after completing a design document which requires I state the encryption level.
>
>
>     Regards,
>
>     Tithras
>     _______________________________________________
>     sqlite-users mailing list
>     [hidden email]
>     http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
>
>
>
> Privacy Policy<http://www.couchbase.com/privacy-policy>
> Marketing Preferences<http://info.couchbase.com/unsubscribe-or-manage-preferences>
> _______________________________________________
> sqlite-users mailing list
> [hidden email]
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Database Encryption (System.Data.SQLite)

Simon Slavin-3
On 1 Apr 2019, at 1:15pm, Mattock Paul <[hidden email]> wrote:

> Just to confirm I am using the nuget package (System.Data.SQLite v1.0.109.2)

This uses PCL Crypto, which in turn accesses crypto implemented in PCL itself rather than implmenting its own.  A list of crypto methods it supports, tabled against OS, can be found here:

<https://github.com/AArnott/PCLCrypto/wiki/Algorithms-X-platforms-support>

Also see the 'Legal Key Sizes' link on that page.

So the bad part is that your cryto is done entirely outside SQLite so we don't know much about it.  But the good part is that there is a source that does.
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Database Encryption (System.Data.SQLite)

Mattock Paul
Simon,
Thanks, do we have any idea on what Algorithm is used?

Tithras

> On 01 April 2019 at 14:28 Simon Slavin <[hidden email]> wrote:
>
>
> On 1 Apr 2019, at 1:15pm, Mattock Paul <[hidden email]> wrote:
>
> > Just to confirm I am using the nuget package (System.Data.SQLite v1.0.109.2)
>
> This uses PCL Crypto, which in turn accesses crypto implemented in PCL itself rather than implmenting its own.  A list of crypto methods it supports, tabled against OS, can be found here:
>
> <https://github.com/AArnott/PCLCrypto/wiki/Algorithms-X-platforms-support>
>
> Also see the 'Legal Key Sizes' link on that page.
>
> So the bad part is that your cryto is done entirely outside SQLite so we don't know much about it.  But the good part is that there is a source that does.
> _______________________________________________
> sqlite-users mailing list
> [hidden email]
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Database Encryption (System.Data.SQLite)

Simon Slavin-3
On 1 Apr 2019, at 3:30pm, Mattock Paul <[hidden email]> wrote:

> Thanks, do we have any idea on what Algorithm is used?

Since more than one algorithm is available, this would be something selected by the software you were using.  So I can only suggest you read the source code for the bit of the software which created the database.

It might be possible for someone clever with encryption to work it out, given a copy of your database, but that's not something I've ever tried.
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Database Encryption (System.Data.SQLite)

Mattock Paul
As I was using the unchanged nuget package I assumed it would be a “default” encryption as it isn’t something I compiled or changed?

Tithras

Sent from my iPhone

> On 1 Apr 2019, at 15:33, Simon Slavin <[hidden email]> wrote:
>
>> On 1 Apr 2019, at 3:30pm, Mattock Paul <[hidden email]> wrote:
>>
>> Thanks, do we have any idea on what Algorithm is used?
>
> Since more than one algorithm is available, this would be something selected by the software you were using.  So I can only suggest you read the source code for the bit of the software which created the database.
>
> It might be possible for someone clever with encryption to work it out, given a copy of your database, but that's not something I've ever tried.
> _______________________________________________
> sqlite-users mailing list
> [hidden email]
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users