Would love a Data based passphrase call

Thanks so much for the library - love using it. One thing that I would love to see is a way to set the passphrase as a data object instead of requiring a string.

Something like:

    /// Sets the passphrase used to crypt and decrypt an SQLCipher database.
    ///
    /// Call this method from `Configuration.prepareDatabase`,
    /// as in the example below:
    ///
    ///     var config = Configuration()
    ///     config.prepareDatabase { db in
    ///         try db.usePassphrase(passphraseData)
    ///     }
    public func usePassphrase(_ data: Data) throws {
        let code = data.withUnsafeBytes {
            sqlite3_key(sqliteConnection, $0.baseAddress, Int32($0.count))
        }
        guard code == SQLITE_OK else {
            throw DatabaseError(resultCode: code, message: String(cString: sqlite3_errmsg(sqliteConnection)))
        }
    }

We generate our passphrase as Data and want to avoid stringifying it for security reasons.

I can submit a PR if that is allowed...just wanted to follow protocol and start with a question.

Ed

Hello @eBurns. Sure, go ahead, you're welcome!

@eBurns, after a little more thoughts, I pose a condition to this future pull request. I want:

  1. A clear explanation of those "security reasons", in the main message of the pull request. I want to avoid any hand-waving on this topic, and I want to be able to evaluate your rationale.
  2. An update of the Security Considerations chapter in the documentation, in which you share your technique and rationale, written in layman's terms, in a way that is usable by developers. Get inspiration from the current wording of this chapter.

I'm looking forward for your contribution!

I'll do that.

One more question: I would like to run the Encryption Tests - what is the best way to set the flag (and make the unit tests use sqlCipher)?

Thank you for your help and support :slight_smile:

To run GRDB tests with SQLCipher, run:

make test_framework_SQLCipher4

Once those tests have run once, you have an Xcode workspace in the Tests/CocoaPods/SQLCipher4 directory, that may be easier to use than the command-line. Especially, you'll be able to only run the passphrase tests you are interested in.

If something turns wrong and it looks that everything is broken, make sure you commit your changes first, close Xcode windows, and bring the repo back to a pristine state before you generate the test project again:

make distclean
make test_framework_SQLCipher4

For SQLCipher 3, just replace 4 with 3 :-)

Also, the Makefile is not ready for Xcode 12.3 yet: prefer Xcode 12.2!

Terms of Service

Privacy Policy

Cookie Policy