  1. #1
    nrako

    portable encrypted Sqlite3 database?


    Hi,

    I am trying to open a sqlite3 db which is protected by a password, but after several attempts my result is:

    ArgumentError : The dbFile parameter value specifies an existing database, but there is no encryption salt value in the default salt ELS key. Possibly when the database was created a custom salt ELS key was specified.
    I am trying to open this sqlite3 db through ext-air (of course), which has been generated and encrypted server side by System.Data.SQLite (a .NET sqlite provider for ADO.NET).

    I'm starting to ask myself if it's possible to have a portable encrypted sqlite3 db and read it from different clients? Because I wasn't able to open my db from an sqlite IDE either, and it failed the same way if the encrypted db was created by the IDE. Of course each db has been successfully decrypted and opened by its "creator" system.

    Could the encryption system be closely linked with the system behind the database? From the few Google results that I was able to find it shouldn't be, but I seriously doubt it...

    If this isn't possible, could an existing db be encrypted by Adobe AIR (or ext-air) and then decrypted (no password) to make it readable from a different system?

    Oh, and my env is Adobe AIR sdk 2.5, ext 3.3, ext-air 3.2

    Just a comment from my painful experience; I think the following line should throw an exception if the condition is not valid.
    Code:
    // line 1551 ext-air-debug
    if (keyGen.validateStrongPassword(this.encryptionKey)) {
    ...
    }
    // no else, no exception

    Thanks,

    Nico

  2. #2
    makana

    Hi,

    Quote Originally Posted by nrako View Post
    I'm starting to ask myself if it's possible to have a portable encrypted sqlite3 db and read it from different clients?
    I think it depends on the encryption method that is used by every system.
    AIR database encryption uses the Advanced Encryption Standard (AES) with Counter with CBC-MAC (CCM) mode. This encryption cipher requires a user-entered key to be combined with a salt value to be secure.
    I'm not sure if you can open an encrypted database that is encrypted with the same method by another application. I have no experience with that. But if you know more, please let us know.


    Quote Originally Posted by nrako View Post
    If this isn't possible, could an existing db be encrypted by Adobe AIR (or ext-air) and then decrypted (no password) to make it readable from a different system?
    Adobe says no: http://help.adobe.com/en_US/AIR/1.5/...9339FA9B4.html
    Once a database is created as unencrypted, it can’t be encrypted later. Likewise, an encrypted database can’t be unencrypted later.
    You can only reencrypt it.


    Quote Originally Posted by nrako View Post
    Just a comment from my painful experience; I think the following line should throw an exception if the condition is not valid.
    Code:
    // line 1551 ext-air-debug
    if (keyGen.validateStrongPassword(this.encryptionKey)) {
    ...
    }
    // no else, no exception
    I guess it is not necessary here.
    Code:
    var file = Ext.isString(dbFile) ? air.File.applicationDirectory.resolvePath(dbFile) : dbFile,
    	encKey = null; // encKey is null here
    if (this.encryptionKey && !Ext.isEmpty(air.EncryptionKeyGenerator)) {
    	if (Ext.isString(this.encryptionKey)) {
    		var keyGen = new air.EncryptionKeyGenerator();
    		if (keyGen.validateStrongPassword(this.encryptionKey)) {
    			encKey = keyGen.getEncryptionKey(file, this.encryptionKey);
    		}
    	// this.encryptionKey is already a valid ByteArray
    	} else if (typeof this.encryptionKey == 'object' && this.encryptionKey.bytesAvailable === 0 && this.encryptionKey.length === 16) {
    		encKey = this.encryptionKey;
    	}
    }
    ...
    // if encryptionkeygenerator is not available or no encryption key is defined or the encryption key is not a valid one, then encKey is still null here
    // -> passing it into the openAsync method on an encrypted database will result in error 3138
    this.conn.openAsync(file, this.mode, new air.Responder(openHandler, errorHandler), this.autoCompact, this.pageSize, encKey);
    Best regards
    Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe striving to produce bigger and better idiots. So far, the universe is winning. (Rick Cook)

    Enhanced ExtJS adapter for Adobe AIR

  3. #3
    nrako

    Hi makana,

    Thank you very much for your answer! I felt a bit lonely on this issue. I even thought it was a sort of first post malediction ;-)

    I also did some research that I was about to share on this thread.

    But for now I have not solved this problem and I chose a different approach.

    Quote Originally Posted by makana View Post

    I think it depends on the encryption method that is used by every system.

    I'm not sure if you can open an encrypted database that is encrypted with the same method by another application. I have no experience with that. But if you know more, please let us know.
    the Advanced Encryption Standard (AES) with Counter with CBC-MAC (CCM) mode
    That's what made me (temporarily) give up, when I found that System.Data.SQLite uses a different encryption routine (RC4). Ref: http://sqlite.phxsoftware.com/forums/p/473/2010.aspx

    Even if I figure out that I could maybe modify or imitate server-side what is done in getEncryptionKey() from EncryptionKeyGenerator.as (salt mechanism, SHA256, etc.), I decided to put it on hold because I can't afford to waste more time on this issue for now, and also because it's not my cup of tea either.

    But I still think that should be possible; from what I understood, in the end it's nothing else than sqlite3_rekey and sqlite3_open, but maybe I am completely wrong???


    Quote Originally Posted by makana View Post

    Adobe says no: http://help.adobe.com/en_US/AIR/1.5/...9339FA9B4.html

    You can only reencrypt it.
    That's right, I also found this information.
    Quote Originally Posted by makana View Post

    I guess it is not necessary here.
    Code:
    var file = Ext.isString(dbFile) ? air.File.applicationDirectory.resolvePath(dbFile) : dbFile,
        encKey = null; // encKey is null here
    if (this.encryptionKey && !Ext.isEmpty(air.EncryptionKeyGenerator)) {
        if (Ext.isString(this.encryptionKey)) {
            var keyGen = new air.EncryptionKeyGenerator();
            if (keyGen.validateStrongPassword(this.encryptionKey)) {
                encKey = keyGen.getEncryptionKey(file, this.encryptionKey);
            }
        // this.encryptionKey is already a valid ByteArray
        } else if (typeof this.encryptionKey == 'object' && this.encryptionKey.bytesAvailable === 0 && this.encryptionKey.length === 16) {
            encKey = this.encryptionKey;
        }
    }
    ...
    // if encryptionkeygenerator is not available or no encryption key is defined or the encryption key is not a valid one, then encKey is still null here
    // -> passing it into the openAsync method on an encrypted database will result in error 3138
    this.conn.openAsync(file, this.mode, new air.Responder(openHandler, errorHandler), this.autoCompact, this.pageSize, encKey);
    Best regards
    Hmmm, well maybe. I first thought it was a bit uneasy to not throw a specific error, because I spent some time trying to figure out what went wrong while opening the db. And I was a bit surprised to see that the password toughness needs to be validated first. Then I reencrypted my db server-side with a tough password, and of course that wasn't the only problem... :-P

    But still, that would mean that I could create a non-encrypted db in "create openMode" and use it without ever knowing that it's not encrypted?

    BR

  4. #4
    makana

    Quote Originally Posted by nrako View Post
    But still, that would mean that I could create a non-encrypted db in "create openMode" and use it without ever knowing that it's not encrypted?
    Nice point! I didn't think about that. But I guess you're right here. Thanks for pointing this out.
    Enhanced ExtJS adapter for Adobe AIR
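
The point raised in the last two posts, as an added example that is not part of the thread or of ext-air: a key resolver that refuses to open when an encryption key was configured but is unusable, instead of falling back to a null key and silently creating a plaintext database. `resolveEncryptionKey`, `describeOpen` and `stubKeyGen` are hypothetical names; the stub stands in for `air.EncryptionKeyGenerator` so the code runs outside AIR.

```javascript
// Added example, not ext-air code. resolveEncryptionKey, stubKeyGen and
// describeOpen are hypothetical names; only validateStrongPassword() and
// getEncryptionKey() mirror the calls quoted in the thread.
function resolveEncryptionKey(encryptionKey, file, keyGen) {
    // Nothing configured: the caller really asked for an unencrypted database.
    if (encryptionKey === null || encryptionKey === undefined) {
        return null;
    }
    if (typeof encryptionKey === 'string') {
        if (!keyGen) {
            throw new Error('encryptionKey is set but no key generator is available');
        }
        if (!keyGen.validateStrongPassword(encryptionKey)) {
            // The quoted code falls through here and opens with a null key.
            throw new Error('encryptionKey rejected by validateStrongPassword()');
        }
        return keyGen.getEncryptionKey(file, encryptionKey);
    }
    // Pre-derived key: must be exactly 16 bytes, as in the quoted length check.
    if (typeof encryptionKey === 'object' && encryptionKey.length === 16) {
        return encryptionKey;
    }
    throw new Error('encryptionKey must be a strong password or a 16-byte key');
}

// Constructed stand-in for air.EncryptionKeyGenerator so the example runs
// outside AIR. The strength rule and the key bytes are placeholders only.
var stubKeyGen = {
    validateStrongPassword: function (pw) {
        return pw.length >= 8 && /[a-z]/.test(pw) && /[A-Z]/.test(pw) && /[^a-zA-Z]/.test(pw);
    },
    getEncryptionKey: function (file, pw) {
        return new Uint8Array(16).fill(1);
    }
};

// Reports what a create-mode open would do for a given configuration.
function describeOpen(encryptionKey, keyGen) {
    try {
        var key = resolveEncryptionKey(encryptionKey, 'constructed.db', keyGen);
        return key === null ? 'unencrypted (explicit)' : 'encrypted';
    } catch (e) {
        return 'refused: ' + e.message;
    }
}

console.log(describeOpen('weak', stubKeyGen));
console.log(describeOpen('Str0ng-Passw0rd', stubKeyGen));
```

With this shape, a plaintext database can only result from leaving the key unset, never from a password that failed validation.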
