SQLite encryption with System.Data.SQLite.dll

[Stormgrade]

Hello,

I'm using Autoit 3.3.14.0.

I want to protect a SQLite db with System.Data.SQLite.dll. I've been searching over internet about it including this forum, JCHD gave a lead to resolve this problem but I can't apply it.

This was the code from jchd :

#include <SQLite.au3>   ; don't include sqlite.dll.au3 !!!
Local $path = @ScriptDir & "\mydb.sql"
_SQLite_Startup ("System.Data.SQLite.dll")
;ConsoleWrite(_SQLite_LibVersion() & @LF)
_SQLite_Open($path)
_SQLite_Exec(-1, "pragma key = 'Radu is happy!';create table if not exists test (id integer, val text);" & _
                "insert into test values (1, 'abc');")
Local $row
_SQLite_QuerySingleRow(-1, "select * from test;", $row)
;ConsoleWrite($row[1] & @LF)
_SQLite_Close()
_SQLite_Shutdown()

It don't work and I tried to use it with my code :

#include <SQLite.au3>
#include <MsgBoxConstants.au3>

Local $aManagerResult, $iManagerRows, $iManagerColumns, $iManagerRval
Local $DBName = "\mydb.sqlite"

Local $sSQliteDll = _SQLite_Startup("System.Data.SQLite.dll")
If @error Then
    MsgBox($MB_SYSTEMMODAL, "SQLite Error", "SQLite3.dll Can't be Loaded!" & @CRLF & @CRLF & _
    "Not FOUND in @SystemDir, @WindowsDir, @ScriptDir, @WorkingDir or from www.autoitscript.com")
    Exit -1
EndIf

Local $sDbName = @ScriptDir & "\" & $DBName
If FileExists($sDbName) = 1 Then
    FileCopy($sDbName,$sDbName & ".bak")
    FileDelete($sDbName)
EndIf

Local $hDskDb = _SQLite_Open($sDbName) ; Open a permanent disk database
If @error Then
    MsgBox($MB_SYSTEMMODAL, "SQLite Error", "Can't open or create a permanent Database!")
    Exit -1
EndIf

If Not _SQLite_Exec(-1, "CREATE TABLE manager (ID Integer PRIMARY KEY AUTOINCREMENT, Name varchar(255) NOT NULL, Login char(50) NOT NULL,Code char(50) NOT NULL);") = $SQLITE_OK Then _
    MsgBox($MB_SYSTEMMODAL, "SQLite Error", _SQLite_ErrMsg())
If Not _SQLite_Exec(-1, "pragma key = 'Radu is happy!';CREATE TABLE access (ID Integer, Login char(50) NOT NULL, Code char(50) NOT NULL);"  & _
        "INSERT INTO access VALUES (1,'admin','admin');") = $SQLITE_OK Then _
    MsgBox($MB_SYSTEMMODAL, "SQLite Error", _SQLite_ErrMsg())
MsgBox($MB_SYSTEMMODAL, "SQLite","Table crée")


_SQLite_Close($hDskDb)
_SQLite_Shutdown()

Without success, I have no clue how to encrypt my SQL db without using the _Crypt_EncryptData function for my passwords.

Thank you in advance for your help.

[JohnOne]

Only ever used System.Data.SQLite with C#

I was unaware you could use it with AutoIt

[Stormgrade]

I saw this topic :

But I'don't understand how to apply it

[jchd]

There are many versions of System.Data.SQLite.dll. You must use the one compatible with your script (x86 or x64) and which is compiled as "static" and "mixed-mode" assembly. For use with AutoIt, the .Net version is irrelevant unless you intend to also use the same library with .Net features from other programs.

Also please note that you must issue the pragma key= before any use of the DB.

[Stormgrade]

There are many versions of System.Data.SQLite.dll. You must use the one compatible with your script (x86 or x64) and which is compiled as "static" and "mixed-mode" assembly. For use with AutoIt, the .Net version is irrelevant unless you intend to also use the same library with .Net features from other programs.

Also please note that you must issue the pragma key= before any use of the DB.

Have you any lead about the one I must use ?

I've downloaded this one :

Precompiled Binaries for 32-bit Windows (.NET Framework 4.0)

sqlite-netFx40-binary-Win32-2010-1.0.97.0.zip (2.16 MiB)

This binary package contains all the binaries for the x86 version of the System.Data.SQLite 1.0.97.0 (3.8.10.2) package. The Visual C++ 2010 SP1 runtime for x86 and the .NET Framework 4.0 are required. (sha1: 404a5c35683d78eba1fa4de78546a8e6dd0d7f74)

[jchd]

I just downloaded this version then copied the DLL in the @scriptdir from the zip file. Then this exemple works as intended:

#include <SQLite.au3>   ; don't include sqlite.dll.au3 !!!

Local $path = @ScriptDir & "\mydb.sql"
_SQLite_Startup ("System.Data.SQLite.dll")
ConsoleWrite(_SQLite_LibVersion() & @LF)
Local $row

; using encryption
_SQLite_Open($path)
_SQLite_Exec(-1, "pragma key = 'Radu is happy!';create table if not exists test (id integer, val text);" & _
                "insert into test values (1, 'abc');")
_SQLite_QuerySingleRow(-1, "select * from test;", $row)
ConsoleWrite($row[1] & @LF)
_SQLite_Close(-1)

; not using encryption over the encrypted DB gives a failure
_SQLite_Open($path)
_SQLite_QuerySingleRow(-1, "select * from test;", $row)
ConsoleWrite(_SQLite_ErrMsg(-1) & @LF)
_SQLite_Close(-1)

; changing back to no encryption
_SQLite_Open($path)
_SQLite_Exec(-1, "pragma key = 'Radu is happy!'")
_SQLite_Exec(-1, "pragma rekey = ''")
_SQLite_QuerySingleRow(-1, "select * from test;", $row)
ConsoleWrite($row[1] & @LF)
_SQLite_Close(-1)

_SQLite_Shutdown()

 

Edited July 29, 2015 by jchd
pragma is rekey to change key

[JohnOne]

Are we talking about encryption of data here, or just the data base having a password?

[Stormgrade]

I just downloaded this version then copied the DLL in the @scriptdir from the zip file. Then this exemple works as intended:

 

I'm very sorry I don't understand, I've downloaded the zip file then I decompress "System.Data.SQLite.dll" (Later I've used all files inside the zip)

I make my au3 file in the same folder as this dll and I copy paste your code but It won't work :

"......\test2.au3" (26) : ==> Subscript used on non-accessible variable.:
ConsoleWrite($row[1] & @LF)
ConsoleWrite($row^ ERROR

It won't create the  mydb.sql file, Do you use autoit 3.3.14.0 ?

Did It work for someone else maybe I'm doing it wrong somewhere?

[JohnOne]

Works for me 3.3.12.0

Not tried of 3.3.14.0

[Stormgrade]

Works for me 3.3.12.0

Not tried of 3.3.14.0

Well it work with 3.3.12.0 ...

It return this :

3.8.10.2
abc
!   SQLite.au3 Error
--> Function: _SQLite_Query
--> Query:    select * from test;
--> Error:    file is encrypted or is not a database

file is encrypted or is not a database
abc
+>16:06:25 AutoIt3.exe ended.rc:0
+>16:06:25 AutoIt3Wrapper Finished.
>Exit code: 0    Time: 1.244

The file was created.

I've got a similar problem with CryptEncrypt function when I have upgraded to 3.3.14.

Any idea for a workaround or I must keep my 3.3.12.0 version ?

[jchd]

Work with both release 3.3.14.0 and beta 3.3.15.0, both x86.

Can you paste the Scite console output, showing SQLite error msg, if any?

Note that if the DB file exists encrypted before running the script it will fail. Just delete the file for the example to work.

For more information about how to use pragmas key and rekey and how to attach encrypted DBs, see this document under "Using the "key" PRAGMA" and "Using The ATTACH Command". The encryption offered by System.Data.SQLite is not SEE, so forget about the specifics in the official document (SEE is payware).

Edited July 29, 2015 by jchd

[Stormgrade]

Work with both release 3.3.14.0 and beta 3.3.15.0, both x86.

Can you paste the Scite console output, showing SQLite error msg, if any?

Note that if the DB file exists encrypted before running the script it will fail. Just delete the file for the example to work.

For more information about how to use pragmas key and rekey and how to attach encrypted DBs, see this document under "Using the "key" PRAGMA" and "Using The ATTACH Command". The encryption offered by System.Data.SQLite is not SEE, so forget about the specifics in the official document (SEE is payware).

Well we'll see that tomorrow because it work well in my home but not at my office, something is wrong on my office computeur.

The output for 3.3.14.0 was :

0
"......\test2.au3" (26) : ==> Subscript used on non-accessible variable.:
ConsoleWrite($row[1] & @LF)
ConsoleWrite($row^ ERROR

I'll reinstall autoit.

[JohnOne]

What type and level of encryption is it?

[jchd]

Well we'll see that tomorrow because it work well in my home but not at my office, something is wrong on my office computeur.

The output for 3.3.14.0 was :

0
"......\test2.au3" (26) : ==> Subscript used on non-accessible variable.:
ConsoleWrite($row[1] & @LF)
ConsoleWrite($row^ ERROR

I'll reinstall autoit.

The first line carrying '0' means the DLL wasn't found. Noo need to reinstal, just sort out why the DLL is not there.

[Stormgrade]

I've uninstalled autoit and I do a clean install.

It work now.

Thank you for your help.

[jchd]

Glad to see it works for you too. There must have been something gone mad with the previous AutoIt environment/setup causing havoc.

Reading the document mentionned above, you'll see that you can use pragma hexkey = 'A40F38D5CC20E6' to use a hex password and pragma hexrekey to change it to some other hex value. If you look at a non-encrypted DB you'll see the string "SQLite format 3" at the start of file and the DB DML in plain text following the header, but once the DB is encrypted, nothing is human- readable, not even a little hint that this file is an SQLite DB.

@guinness,

Yes, the static mixed-mode assembly carries the standard C DLL interface plus the .net one (hence the mixed-mode term). This worked from day one of this library and still does now that Joe Mistachkin has taken the over .Net development as part of the official SQLite dev team. It's now unlikely that encryption support will be dropped for there are way too many users relying on it.

Edited July 30, 2015 by jchd

[guinness]

I had no clue System.Data.SQLite.dll would work. Learnt something new.

[Stormgrade]

Glad to see it works for you too. There must have been something gone mad with the previous AutoIt environment/setup causing havoc.

Reading the document mentionned above, you'll see that you can use pragma hexkey = 'A40F38D5CC20E6' to use a hex password and pragma hexrekey to change it to some other hex value. If you look at a non-encrypted DB you'll see the string "SQLite format 3" at the start of file and the DB DML in plain text following the header, but once the DB is encrypted, nothing is human- readable, not even a little hint that this file is an SQLite DB.

@guinness,

Yes, the static mixed-mode assembly carries the standard C DLL interface plus the .net one (hence the mixed-mode term). This worked from day one of this library and still does now that Joe Mistachkin has taken the over .Net development as part of the official SQLite dev team. It's now unlikely that encryption support will be dropped for there are way too many users relying on it.

Thank you for the pragma hexkey tip, I'm trying to make an Internet Password keeper like Firefox Secure login, thanks for your help !!

[jchd]

On 29/07/2015 at 3:28 PM, JohnOne said:

Are we talking about encryption of data here

@JohnOne,

This is plain whole DB file encryption. SQlite works with I/O blocks it calls pages inside a DB file. This encryption layer encrypts/decrypts pages on the fly when SQLite needs to write/read (resp.) pages from the file.

On 29/07/2015 at 6:26 PM, JohnOne said:

What type and level of encryption is it?

I don't know precisely, it would take reading the source code for that, but it must be a decent level like SHA2 ou something. Don't fear breaking by sister kid.

On 29/07/2015 at 3:28 PM, JohnOne said:

or just the data base having a password?

There is an SQLite add-on available in source form which allows SQLite to perform user anthentication (a completely distinct feature from encryption).

The module can be found in the source distribution, under ext\userauth and I can say it works pretty well. The caveat is that it uses the same file format as non authentication-enabled DBs, which means that if you can gain access to the DB, you can use any standard tool to read/write it without being authenticated. The feature is meant to restrict user access rights on a per-user basis, where the file is priviledge-protected inside a server or non-user area. Read user-auth.txt for details.

[JohnOne]

Crikey!

Cheers jchd.

You know, you must have set the wrong date on your time machine