I am having some local SQLite databases for keeping app-config-data and consider having these as encrypted databases. Currently Xojo is using Dr Hipp for encryption and so far I did not manage to open any Xojo-encrypted database with Navicat and visa verse.
Not a big deal since it works fine with Xojo and you add encryption once you’re sure everything works fine.
But what about the choice for Dr. Hipp ? Will Xojo stay with this guy and so guarantee that we will be able to open/use old encrypted databases in future versions ?
Anyway, I guess it will be a good idea to store unencrypted versions with the source-code branches and build an application to decrypt database-files I might get back from the customer.
You could petition Navicat to add Dr. Hipp’s encryption to their tool.
I will put a ticket at Navicat for that Greg , but my question was: will Xojo stay with Dr Hipp forever in order to be able to open our encrypted databases with future versions.
The license from Dr Hipp is a perpetual license so I can’t imagine why we could change our usage of it
Fine ! Thanks Norman.
I have navigate too but I have not used DB encryption ever am I will need encryption in a test I’m currently sketching. What DB software do you recommend for using Xojo databases? In my case is OSX only. (Sorry, a bit off-topic)
based on the link Norman provided above, this extension provides 4 methods
- RC4
- AES-128 in OFB mode
- AES-128 in CCM mode
*AES-256 in OFB mode
if seems that Xojo uses AES-128 in OFB mode by default (is that correct?)
can any of the other 3 be used in Xojo by prefixing the method to the key?
SQLiteManager handles this kind of encryption. That’s what I use.
Find it here:
there are numerous encryption libraries for sqlite
Xojo uses the one that comes directly from Dr Hipp
In order to read such a db you have to be using that same encryption code
[quote=189556:@Norman Palardy]FYI its this
http://www.hwaci.com/sw/sqlite/see.html[/quote]
you inferred that this was the extension that XOJO implemented
hence my question
Exactly as I said this IS the encryption code we use
Not inferred in any way
Xojo/REAL paid the license and use that code
What I dont recall is whether you can specify different key types easily (ie/ like in the attach)
Which IS my question… there are four encyption methods in that webpage…
If this is the code Xojo uses, does the underlying SQLite engine allow for the encryption method to be pre-pended to the key if one where to user “PRAGMA KEY” or “PRAGMA REKEY” (or as part of the string to Xojo own methods)
the pragma and attach sql command definitely dont seem to have a means to specify what kind of key it is
and from a quick look over the source code it looks like the selection of encryption type is compiled right in and so it doesn’t appear to be possible, with Xojo’s sqlite database, to say the key is anything other than AES 128 OFB
there may be a way to compile things to allow more than one and to, at runtime, select one - but that doesn’t appear to be how we currently compile things
That was not the question
As for other encryption methods like SQLcipher, you can use that also with my plugin.
For Dave’s question: in my plugin you can prefix key with name of encryption mode and maybe same way works with Xojo’s class. Maybe worth checking…
Lather rinse & repeat