encrypted sqlite db on CubeSQL

Richard_Duke · May 10, 2017, 8:34pm

Hi,

how do i use encryption key on sqlite that run on the cubesql server???

on xojo, i use “app.datDataS.EncryptionKey=gEncryptionKey” for sqlite for single user.

i move the data file to the cubesql , i have a line like this “app.datDataM.Encryption=1” but don’t know what to do next.

Phillip_Zedalis · May 10, 2017, 9:22pm

Encryption of the SQLite databases are managed by cubeSQL at the server level. You only need to make sure you are enabling AES encryption for your data traffic between your Xojo app and cubeSQL server.

Richard_Duke · May 10, 2017, 9:36pm

how do i enabling the AES encryption?

Richard_Duke · May 11, 2017, 2:02pm

got a email from marco bambini

[b]from the Admin manual:

"If the database that you uploaded is encrypted and the server does not know its encryption key, then it cannot serve it. For that reason, it appears in gray in the Databases panel. You need to set its encryption key (either using the Admin application or via the proper custom command).

In the Admin application, select the database in the list and choose Server ? Set Database Key. A dialog will appear in which you can enter the databases encryption key."[/b]

Ralph_Alvy · July 25, 2017, 4:47pm

I understand how to encrypt a SQLite file that is overseen by cubeSQLServer, using the the cubeSQLServer Admin app. But how do I enable AES encryption for the data traffic between my Xojo app and the cubeSQL server?

Johnny_Harris · July 25, 2017, 7:35pm

If you look at Xojo Plugin.pdf included with the CubeSQL download you will find a little information.

try:

db.Encryption = CubeSQLPlugin.kAES256

I think the options are:
kAESNONE (Integer Constant)
kAES128 (Integer Constant)
kAES192 (Integer Constant)
kAES256 (Integer Constant)

Ralph_Alvy · July 25, 2017, 7:52pm

Sounds promising, Johnny. Thanks.

I also notice that I can’t encrypt an unencrypted file with the cubeSQL Admin app. I must do that before uploading it. SQLiteManager lets me do that with AES128, which it says is the only one of the options it offers that will work with both Xojo cubeSQLServer.

Johnny_Harris · July 25, 2017, 10:12pm

Look at page 64 of the ‘Commands Reference.pdf’ file. There are commands you can execute from the CubeSQL Admin console to Encrypt/Decrypt a database on the server. I would try these commands on a non-production database for testing.

ENCRYPT DATABASE myDB WITH KEY abc;

Ralph_Alvy · July 25, 2017, 11:39pm

[quote=342167:@Johnny Harris]Look at page 64 of the ‘Commands Reference.pdf’ file. There are commands you can execute from the CubeSQL Admin console to Encrypt/Decrypt a database on the server. I would try these commands on a non-production database for testing.

ENCRYPT DATABASE myDB WITH KEY abc;[/quote]

That works, Johnny. Thanks.

Ralph_Alvy · July 26, 2017, 12:49am

More testing shows this method of encrypting an existing database fails to work most of the time for me. I find that I have to download the database, encrypt it with SQLite Manager, and then upload it again. Not sure why it worked for me once, but never again.

Johnny_Harris · July 26, 2017, 2:40am

Hmmm… kind of strange. I tried to set the encryption key for a database with the extension .db (chinook.db) and it failed every time. I renamed the extension to .sqlite (chinook.sqlite) and it works just fine.

Could this possibly be the issue you’re having?

Ralph_Alvy · July 26, 2017, 3:04am

I used the .sqlite extension.

Ralph_Alvy · July 26, 2017, 4:54am

Most of the time I was stopped out with a message saying the database is in use (the client hitting it was just the cubeSQL Admin app). Other times, when it looked like the attempt to encrypt the file worked, I later found I couldn’t open it with the password I used to encrypt it.

Downloading, encrypting, and then uploading works, of course.

Johnny_Harris · July 26, 2017, 11:06am

I think there are several different methods that can be used to encrypt/decrypt an SQLite database. Others on the forum would know more about this than I do. The method you’re using to decrypt may not be compatible with the method used to encrypt.

According to the CubeSQL documentation:

ENCRYPT DATABASE encrypts a non encrypted (clear) database using AES128 OFB algorithm.

You could always email Marco about the issues you’re having.

Ralph_Alvy · July 26, 2017, 2:13pm

I emailed Marco this morning.

Ralph_Alvy · July 27, 2017, 10:19pm

[quote=342153:@Johnny Harris]If you look at Xojo Plugin.pdf included with the CubeSQL download you will find a little information.

try:

db.Encryption = CubeSQLPlugin.kAES256

I think the options are:
kAESNONE (Integer Constant)
kAES128 (Integer Constant)
kAES192 (Integer Constant)
kAES256 (Integer Constant)[/quote]

Turns out that we don’t need to add anything at all to existing Xojo code, assuming your code works fine with an existing cubeSQLServer-hosted unencrypted file. Just encrypt the existing cubeSQLServer-hosted file, and tell cubeSQLServer what the password is for that file, and you’re done. As long as you encrypt the file with SQLite/SEE encryption, you’re good to go. You can do that with SQLiteManager, from the author of cubeSQLServer, or Xojo itself.