Issue with Sqlcipher not encrypting the database. #1257
Comments
|
@SC-HeinrichG - Unfortunately it's very likely that your database is not actually encrypted. To see if SQLCipher is even being used at runtime, execute the query |
|
Hi Stehen Lombardo,
Thank you for the feedback.
Is there a tutorial to enable encryption on the database?
Kind regards
Heinrich Glover
Developer
[signature_774479978]
M: 27 72 303 5605 | W: www.securecitizen.co.za<http://www.securecitizen.co.za/> | A: Building A, Suite 2, Cotillion Place, 22 Techno Ave, Techno Park, Stellenbosch, 7600
[signature_3899392277]<https://securecitizen.co.za/identity-fraud-theft-protection-services-secure-citizen/>
[signature_4090389410]<https://play.google.com/store/apps/details?id=com.onevault.sc_consumer_maui>[signature_1015348171]<https://apps.apple.com/za/app/secure-citizen/id1671813454>
Or Register Online<https://securecitizen.app/>
This email and its contents are privileged and confidential and for the use of the addressee only. Should you have received this email in error please notify us by replying directly to the sender and thereafter delete the email and any attachments from your system. You warrant that you are legally entitled to disclose any personal information sent by you to Secure Citizen Pty Ltd, that Secure Citizen Pty Ltd is legally entitled to process this personal information for you or on your behalf for the purpose(s) requested or instructed by you, and that you have obtained the necessary consents from the data subject(s) to disclose and process the personal information. © Copyright: Copyright in this document vests in Secure Citizen Pty Ltd. No part of this document may be reproduced in whole or in part, used for commercial gain or disclosed or transmitted in any form whatsoever, without the prior written consent of the copyright owner, and to do so will be unlawful.
…________________________________
From: Stephen Lombardo ***@***.***>
Sent: Friday, October 25, 2024 9:04 PM
To: praeclarum/sqlite-net ***@***.***>
Cc: Heinrich Glover ***@***.***>; Mention ***@***.***>
Subject: Re: [praeclarum/sqlite-net] Issue with Sqlcipher not encrypting the database. (Issue #1257)
@SC-HeinrichG<https://github.com/SC-HeinrichG> - Unfortunately it's very likely that your database is not actually encrypted. To see if SQLCipher is even being used at runtime, execute the query PRAGMA cipher_version; and retrieve the result set. If SQLCipher is being used it will return a value with the library version number. If there is no result set returned you're using standard SQLite and the database is unencrypted.
—
Reply to this email directly, view it on GitHub<#1257 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/BGMPS3C2S55R3KU64ZGPQVLZ5KI5TAVCNFSM6AAAAABQOWVCS2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMZYGYYDSMRZGA>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
|
Hello @SC-HeinrichG I'm not aware of any specific, up-to-date tutorials for this particular package. It seems like there could be some problem with your application setup or these nuget packages. Perhaps some other community members may chime in with other suggestions. For reference only, if you're using SQLCipher commercially, compatible commercially supported packages are available directly from the SQLCipher site. |
|
Thanks Stephen,
Don't stress, I will figure it out. For now, I'm treating the database as Un-Encrypted and encrypt the required fields with Aes256.
Thanks for getting back to me.
Regards
Heinrich Glover
Developer
[signature_774479978]
M: 27 72 303 5605 | W: www.securecitizen.co.za<http://www.securecitizen.co.za/> | A: Building A, Suite 2, Cotillion Place, 22 Techno Ave, Techno Park, Stellenbosch, 7600
[signature_3899392277]<https://securecitizen.co.za/identity-fraud-theft-protection-services-secure-citizen/>
[signature_4090389410]<https://play.google.com/store/apps/details?id=com.onevault.sc_consumer_maui>[signature_1015348171]<https://apps.apple.com/za/app/secure-citizen/id1671813454>
Or Register Online<https://securecitizen.app/>
This email and its contents are privileged and confidential and for the use of the addressee only. Should you have received this email in error please notify us by replying directly to the sender and thereafter delete the email and any attachments from your system. You warrant that you are legally entitled to disclose any personal information sent by you to Secure Citizen Pty Ltd, that Secure Citizen Pty Ltd is legally entitled to process this personal information for you or on your behalf for the purpose(s) requested or instructed by you, and that you have obtained the necessary consents from the data subject(s) to disclose and process the personal information. © Copyright: Copyright in this document vests in Secure Citizen Pty Ltd. No part of this document may be reproduced in whole or in part, used for commercial gain or disclosed or transmitted in any form whatsoever, without the prior written consent of the copyright owner, and to do so will be unlawful.
…________________________________
From: Stephen Lombardo ***@***.***>
Sent: Wednesday, October 30, 2024 10:48 PM
To: praeclarum/sqlite-net ***@***.***>
Cc: Heinrich Glover ***@***.***>; Mention ***@***.***>
Subject: Re: [praeclarum/sqlite-net] Issue with Sqlcipher not encrypting the database. (Issue #1257)
Hello @SC-HeinrichG<https://github.com/SC-HeinrichG> I'm not aware of any specific, up-to-date tutorials for this particular package. It seems like there could be some problem with your application setup or these nuget packages. Perhaps some other community members may chime in with other suggestions.
For reference only, if you're using SQLCipher commercially, compatible commercially supported packages are available directly from the SQLCipher site<https://www.zetetic.net/sqlcipher/>.
—
Reply to this email directly, view it on GitHub<#1257 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/BGMPS3D7WG4NJSPCPCKTJC3Z6FAY5AVCNFSM6AAAAABQOWVCS2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDINBYGM2DKNBYHE>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi Guys,
I trust you are all well,
I used Gerald Versluis tutorial to originally setup a secure test database as per this link and your gitlab site.
https://www.google.com/search?q=maui+sqlite+sqlcipher+example&oq=Maui+SQL&gs_lcrp=EgZjaHJvbWUqBggAEEUYOzIGCAAQRRg7MgYIARBFGDkyBggCEEUYOzIGCAMQRRg7MgYIBBBFGDwyBggFEEUYPDIGCAYQRRg8MgYIBxAuGEDSAQkxMDYzNWowajGoAgCwAgA&sourceid=chrome&ie=UTF-8#fpstate=ive&vld=cid:01b06d9d,vid:O1UQfoh4710,st:0
We've been using sqlite-net-sqlcipher version 1.9.172 and versions from before in dotNet Maui 8.0.
The solution have multiple tables and we store encrypted data in the Mobile Application build for Android and iOS.
Lately it was requested that we add functionality for the User to be able to change the database encryption key.
This is when I noted that does not matter what key you pass into the database for login, it will always came back with the database as read ready.
I would have suspected as per normal that if a wrong key for the database login is provided an access or Security exception should be thrown. But NOT. Can you please have a look at this as a matter of urgency.
Currently on Visual Studio Community version 17.11.5 Example as per your github site or per above link. The original .pcl nuget was replaced with the .sqlcipher.
If you can create a database with key A and next login into it with a different key B then you hit the bug.
PS; In other native Android Java/Kotlin and iOS Swift in different projects the sql-ciper works flawless.
Kind regards
Heinrich
The text was updated successfully, but these errors were encountered: