Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rekey doesn't seem to work #4

Closed
SushiTee opened this issue Aug 10, 2016 · 2 comments
Closed

rekey doesn't seem to work #4

SushiTee opened this issue Aug 10, 2016 · 2 comments

Comments

@SushiTee
Copy link

SushiTee commented Aug 10, 2016
edited

Hi,
I'm trying to use this software to be able to us encryption for sqlite databases.
I'm trying to use database encryption with QT. I made it build already (at least the sqlite part + encryption). The wxWidgets stuff I don't really need.
So here is my problem.
Whenever I use rekey it fails to change the key.

        int rc = sqlite3_open_v2("test.sql", &db, SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE, 0);

        if( rc ){
            qInfo() << "Can't open database";
            return;
        }else{
            qInfo() << "Opened database successfully ";
        }

        string pw = "blabla";
        if (!isDbEncrypted(db))
        {
            sqlite3_key(db, "", 0);
            sqlite3_rekey(db, pw.data(), pw.length());
            qInfo() << "Database was encrypted.";
        }
        else
        {
            sqlite3_key(db, pw.data(), pw.length());
            sqlite3_rekey(db, "", 0);
            qInfo() << "Database was decrypted.";
        }

        sqlite3_close(db);

I simply open a database. If it is not encrypted it will be encrypted and if it is already encrpted it will be decrypted. At least this is how it should be but it is not. If a new unencrypted DB is created it works fine but if I load the DB again after the encrption I get an error that the DB is corrupted or encrypted e´ven though I set the correct password with sqlite3_key(...).
I don't really get it. Am I missing something?
@utelle
Copy link
Owner

utelle commented Aug 11, 2016

The culprit is most probably your function isDbEncrypted(), for which you didn't show the code.

For an existing encrypted database the call to sqlite3_key has to be the very first action after opening the database connection. I suspect that isDbEncrypted() performs some SQL and returns false if that fails, but then it is already too late to call sqlite3_key.

If my suspicion is correct, then you would have to first close the database connection, reopen it, and then call sqlite3_key with the correct password. Alternatively you could read the first 16 bytes of the database files. If they are equal to the zero-terminated string SQLite format 3, then the file is an unencrypted SQLite database file; otherwise it is an encrypted database file or not a database file at all.

BTW, if the database file is unencrypted and you want to encrypt (rekey) it, then you don't need to call sqlite3_key with an empty key first. Just call sqlite3_rekey with the new password.

@SushiTee
Copy link
Author

Thank you. It works indeed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@SushiTee @utelle