Encryption not working on MacOS with Electron

[alangrainger]

Hi @fritx, just wondering if you've successfully used this on MacOS?

The compile works without any errors, but the resulting Sqlite build doesn't have the cipher extension. Database access works without any issues, but the pragma password command has no effect - i.e. any password will open the database.

If you have had it working, what were the Node/NPM/Xcode versions you used?

Thanks

[fritx]

@alangrainger yes, I had tested it on MacOS.

You can try clone this repo and then npm test to see if it works?

[fritx]

Just tried again, it works on my side.

• node v8.7.0
• npm v5.4.2
• MacOS 10.11.6
• Xcode 8.2.1 (8C1002)

unix-sqlcipher$ npm install && npm test

> unix-sqlcipher@0.0.5 preinstall /Users/fritx/g/unix-sqlcipher
> node preinstall


> sqlite3@3.1.13 install /Users/fritx/g/unix-sqlcipher/node_modules/sqlite3
> node-pre-gyp install --fallback-to-build

[sqlite3] Success: "/Users/fritx/g/unix-sqlcipher/node_modules/sqlite3/lib/binding/node-v57-darwin-x64/node_sqlite3.node" is installed via remote

> unix-sqlcipher@0.0.5 postinstall /Users/fritx/g/unix-sqlcipher
> node postinstall

/usr/local/bin/brew
/usr/local/Cellar/sqlcipher/3.4.0/bin/sqlcipher
/usr/local/Cellar/sqlcipher/3.4.0/CHANGELOG.md
/usr/local/Cellar/sqlcipher/3.4.0/include/sqlcipher/sqlite3.h
/usr/local/Cellar/sqlcipher/3.4.0/include/sqlcipher/sqlite3ext.h
/usr/local/Cellar/sqlcipher/3.4.0/INSTALL_RECEIPT.json
/usr/local/Cellar/sqlcipher/3.4.0/lib/libsqlcipher.0.dylib
/usr/local/Cellar/sqlcipher/3.4.0/lib/libsqlcipher.a
/usr/local/Cellar/sqlcipher/3.4.0/lib/libsqlcipher.dylib
/usr/local/Cellar/sqlcipher/3.4.0/lib/pkgconfig/sqlcipher.pc
/usr/local/Cellar/sqlcipher/3.4.0/LICENSE
/usr/local/Cellar/sqlcipher/3.4.0/README.md

> sqlite3@3.1.13 install /Users/fritx/g/unix-sqlcipher/node_modules/sqlite3
> node-pre-gyp install --fallback-to-build

gyp WARN download NVM_NODEJS_ORG_MIRROR is deprecated and will be removed in node-gyp v4, please use NODEJS_ORG_MIRROR
gyp WARN download NVM_NODEJS_ORG_MIRROR is deprecated and will be removed in node-gyp v4, please use NODEJS_ORG_MIRROR
gyp WARN download NVM_NODEJS_ORG_MIRROR is deprecated and will be removed in node-gyp v4, please use NODEJS_ORG_MIRROR
  CXX(target) Release/obj.target/node_sqlite3/src/database.o
../src/database.cc:144:9: warning: unused variable 'status' [-Wunused-variable]
    int status = uv_queue_work(uv_default_loop(),
        ^
../src/database.cc:230:9: warning: unused variable 'status' [-Wunused-variable]
    int status = uv_queue_work(uv_default_loop(),
        ^
../src/database.cc:525:9: warning: unused variable 'status' [-Wunused-variable]
    int status = uv_queue_work(uv_default_loop(),
        ^
../src/database.cc:625:9: warning: unused variable 'status' [-Wunused-variable]
    int status = uv_queue_work(uv_default_loop(),
        ^
4 warnings generated.
  CXX(target) Release/obj.target/node_sqlite3/src/node_sqlite3.o
  CXX(target) Release/obj.target/node_sqlite3/src/statement.o
../src/statement.cc:118:9: warning: unused variable 'status' [-Wunused-variable]
    int status = uv_queue_work(uv_default_loop(),
        ^
../src/statement.cc:322:5: warning: unused variable 'status' [-Wunused-variable]
    STATEMENT_BEGIN(Bind);
    ^
../src/macros.h:125:9: note: expanded from macro 'STATEMENT_BEGIN'
    int status = uv_queue_work(uv_default_loop(),                              \
        ^
../src/statement.cc:370:5: warning: unused variable 'status' [-Wunused-variable]
    STATEMENT_BEGIN(Get);
    ^
../src/macros.h:125:9: note: expanded from macro 'STATEMENT_BEGIN'
    int status = uv_queue_work(uv_default_loop(),                              \
        ^
../src/statement.cc:438:5: warning: unused variable 'status' [-Wunused-variable]
    STATEMENT_BEGIN(Run);
    ^
../src/macros.h:125:9: note: expanded from macro 'STATEMENT_BEGIN'
    int status = uv_queue_work(uv_default_loop(),                              \
        ^
../src/statement.cc:504:5: warning: unused variable 'status' [-Wunused-variable]
    STATEMENT_BEGIN(All);
    ^
../src/macros.h:125:9: note: expanded from macro 'STATEMENT_BEGIN'
    int status = uv_queue_work(uv_default_loop(),                              \
        ^
../src/statement.cc:601:5: warning: unused variable 'status' [-Wunused-variable]
    STATEMENT_BEGIN(Each);
    ^
../src/macros.h:125:9: note: expanded from macro 'STATEMENT_BEGIN'
    int status = uv_queue_work(uv_default_loop(),                              \
        ^
../src/statement.cc:724:5: warning: unused variable 'status' [-Wunused-variable]
    STATEMENT_BEGIN(Reset);
    ^
../src/macros.h:125:9: note: expanded from macro 'STATEMENT_BEGIN'
    int status = uv_queue_work(uv_default_loop(),                              \
        ^
7 warnings generated.
  SOLINK_MODULE(target) Release/node_sqlite3.node
  COPY /Users/fritx/g/unix-sqlcipher/node_modules/sqlite3/lib/binding/node-v57-darwin-x64/node_sqlite3.node
  TOUCH Release/obj.target/action_after_build.stamp
npm notice created a lockfile as package-lock.json. You should commit this file.
added 131 packages in 15.105s
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN unix-sqlcipher@0.0.5 No license field.

added 130 packages in 32.008s

> unix-sqlcipher@0.0.5 test /Users/fritx/g/unix-sqlcipher
> node test

1: Ipsum 0
2: Ipsum 1
3: Ipsum 2
4: Ipsum 3
5: Ipsum 4
6: Ipsum 5
7: Ipsum 6
8: Ipsum 7
9: Ipsum 8
10: Ipsum 9
unix-sqlcipher$ open test.db      ## password required

[alangrainger]

Awesome, thanks for the detailed info.

Cloning unix-sqlcipher by itself worked perfectly, and I've narrowed the problem down to the electron-rebuild step. It looks like the rebuild process creates a version without encryption.

I've created a demo repo you can test with. Just clone it and run:

1. npm install
2. ./node_modules/.bin/electron-rebuild
3. npm start

It creates a database with encryption, and then tries to read that data without encryption.

https://github.com/alangrainger/unix-sqlcipher-test

If I try it on Windows (using win-sqlcipher), it fails at the read step as expected.

If I try it on MacOS, it happily reads the data, even though it should not be able to.

I used the Electron and electron-rebuild versions from your post here.

[fritx]

@alangrainger oh it does need some investigation.. stuffs of electron-rebuild

before that, did you try passing -m (-w) to electron-rebuild?

fritx/win-sqlcipher#2 (comment)

[fritx]

I'm trying your repo.

[alangrainger]

You may need to run npm start twice to see the data-read without encryption. Due to the asynchronous nature, sometimes it tries to do the read step before the write step.

Bad coding on my part, but you get the idea!!

[fritx]

@alangrainger hey, try this in unix-sqlcipher-test:

NPM_CONFIG_SQLITE_LIBNAME=sqlcipher NPM_CONFIG_SQLITE=`brew --prefix` ./node_modules/.bin/electron-rebuild -f

It works for me!

Damn... looks like it was totally missing out in in electron guide of this repo, my bad!

[fritx]

Perhaps including win-sqlcipher, electron users should pay attention to this bug.

Electron guide for win/ unix/cross-sqlcipher should all be updated.

[alangrainger]

I can't get it to work, but I think there is a Markdown syntax issue with the code you posted above.

This is what I'm trying:

• export NPM_CONFIG_SQLITE_LIBNAME=sqlcipher
• export NPM_CONFIG_SQLITE=`brew --prefix`
• ./node_modules/.bin/electron-rebuild -f

Are those the correct commands?

I also tried it with export NPM_CONFIG_SQLITE=`brew --prefix`/opt/sqlcipher/lib

Pull the test repo again if you want - I fixed the broken async code.

[cyb3rcod3]

Up, anyone have find a solution for enable encryption on OSX & UNIX electron projects ?

[cyb3rcod3]

Update:
Ok, i managed to make it work on OSX with Electron 1.8.4 :

cd path/your/app

npm i

npm i sqlite3 --build-from-source --sqlite_libname=sqlcipher --sqlite=`brew --prefix` --runtime=electron --target=1.8.4 --dist-url=https://atom.io/download/electron

cp -r node_modules/sqlite3/lib/binding/electron-v1.8-darwin-x64 node_modules/unix-sqlcipher/node_modules/sqlite3/lib/binding/

npm start

//enjoy

Look node-sqlite3 README@Custom builds and Electron for info..

[fritx]

@neoxxx85 amazing, let me try also.

I guess dist-url can be added to these lines to fix the issue:
https://github.com/fritx/unix-sqlcipher/blob/dev/postinstall.js#L17-L19

[fritx]

@alangrainger @neoxxx85 guys can have a try - https://github.com/fritx/sqlcipher-electron-demo

[michael-ts]

It's not working for me under Linux - I believe the issue may be that the postinstall.js script is hard-coding sqlite3 version 3.x. In this thread it is suggested that for sqlite3 to work with Node v12 requires sqlite v4.0.7.

[fritx]

hi, for sqlite3@4.x pls try unix-sqlcipher@0.4.0-alpha.0 under Linux,
and let me know. @michael-ts

I've tested it in MacOS, it's fine.

[michael-ts]

@fritx Thanks, that was fast! It's not working for me yet, for some reason electron-builder (or electron-rebuild, I've tried them both) don't seem to think there is anything to rebuild.

[michael-ts]

@fritx I looked at what the sqlcipher-electron-demo package scripts were doing and ran the following manually after running npm install in my package directory:

cd node_modules/unix-sqlcipher
npm i --runtime=electron --target=6.0.7 --dist-url=https://atom.io/download/electron

Now it's working... so it looks like this extra script code is needed to tie off the linkage.

[fritx]

for some reason electron-builder (or electron-rebuild, I've tried them both) don't seem to think there is anything to rebuild.

Now it's working... so it looks like this extra script code is needed to tie off the linkage.

Is there something I can do to improve unix-sqlcipher & cross-sqlcipher?

I'm not sure if 0.0.6-alpha (#4 (comment)) should be merged.

[michael-ts]

for some reason electron-builder (or electron-rebuild, I've tried them both) don't seem to think there is anything to rebuild.

Now it's working... so it looks like this extra script code is needed to tie off the linkage.

Is there something I can do to improve unix-sqlcipher & cross-sqlcipher?

I'm noticing that with unix-sqlcipher now whenever I do an npm install of any package, I wind up having to manually run npm run postinstall or it fails to find the node binary. But I suspect this may not be the fault of unix-sqlcipher (I have had npm install delete important stuff before when I accidentally ran it in the wrong place!)

With cross-sqlcipher, I have recently stopped using it in favor of unix-sqlcipher because that seemed to fix a similar issue where any time I did an npm install of anything it would recompile sqlcipher, not once, but twice. Dunno if there's a similar situation there...

[michael-ts]

@fritx I was going to test out cross-sqlcipher, but it looks like it's still at 0.0.2, which is including unix-sqlcipher@0.0.4...

[alangrainger]

@michael-ts Have a look at this package instead, which is in active development and working flawlessly for me:

https://github.com/journeyapps/node-sqlcipher

I was able to drop-in replace without any changes. I'm using Electron 3.1.x.