Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

encryption demo: based on SQLite3MultipleCiphers fork #824

Merged
merged 28 commits into from
Jan 17, 2024
Merged

encryption demo: based on SQLite3MultipleCiphers fork #824

merged 28 commits into from
Jan 17, 2024

Conversation

psarna
Copy link
Contributor

@psarna psarna commented Dec 22, 2023
edited
Loading

This series adds a multiple-ciphers feature to libsql-server, which turns on encryption at rest.

The SQLite3MultipleCiphers source code was brought from my fork, which includes a few simple changes to integrate directly with unpatched libsql amalgamation file: https://github.com/psarna/SQLite3MultipleCiphers . It's based on SQLite3MultipleCiphers 1.8.1, and the source code is copied as-is, including all the licensing, docs and tributes.

The passphrase can be specified with --passphrase, e.g. --passphrase turso123.

After you run sqld with this patch, all data is encoded on disk
with the passed passphrase. You can't read it directly from the file,
unless you use sqlite3mc's shell and start with

PRAGMA KEY=turso123;

, and then it gets properly decrypted.

@psarna psarna changed the title encryption demo: based on precompiled libsqlite3mc.so encryption demo: based on SQLite3MultipleCiphers fork Jan 3, 2024
@psarna psarna force-pushed the sqlite3mc_tests branch 11 times, most recently from b75aad2 to bdd2d40 Compare January 8, 2024 10:54
penberg
penberg approved these changes Jan 9, 2024
View reviewed changes
Copy link
Collaborator

@penberg penberg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@MarinPostma @LucioFranco please have a look. we may want to change the configuration from a passphrase to some per-database key thing, but let's get something simple merged and iterate on this.

@psarna psarna force-pushed the sqlite3mc_tests branch 10 times, most recently from 77b7ea0 to 7ecbe8c Compare January 10, 2024 12:29
This was referenced Jan 11, 2024
Merged
Closed
@psarna psarna force-pushed the sqlite3mc_tests branch 5 times, most recently from 6f2afb0 to c82205c Compare January 12, 2024 12:16
psarna and others added 21 commits January 16, 2024 16:44
@psarna
tests/replication: fix wrt encryption-at-rest
e6dfe35
@psarna
benches: fix wrt encryption at rest
4d2fc25
@psarna
embedded_replica/tests: same
fc819a7
@psarna
libsql: fix cargo udeps detected inconsistencies
1032e31
@psarna
treewide: huge un-featurization
da21747 
The passphrase parameter is now unconditional, we just don't use it
if not applicable.
@psarna
treewide: refactor string passphrase to vec<u8> key
fdeb1c5
@psarna
drop the debug key leak
0f315a3
@psarna
udeps: fix replication dependency
a3466b0
@psarna
one more udeps fix
75fea46
@psarna
one more
a9c0537
@psarna
please let it be the last one, I'm tired boss
55958f5
@psarna @LucioFranco
Drop all the newspaces
02a83b1 
Co-authored-by: Lucio Franco <[email protected]>
@psarna
treewide: rename the feature to just "encryption"
4cd8656
@psarna
error-out if encryption is not compiled-in, and the key is passed
77737da
@psarna
encryption: drop a key setter, not used anyway
5a0ae71
@psarna
drop the duplicate declaration of C API sqlite3_key
5bc7ce5
@psarna
fix the rusqlite-vs-no-rusqlite error
99e19d8
@psarna
libsql-sys: wrap conn.handle() in unsafe {}
6025112
@psarna
libsql-sys: de-featurize set_encryption_key's error type
eb0daf6
@psarna
drop stray newline
1516bb9
@psarna
libsql: error on passing an encryption key without the feature
b504d1e
@psarna psarna enabled auto-merge January 16, 2024 15:48
@psarna psarna dismissed LucioFranco’s stale review January 17, 2024 07:17

(quoting Lucio's post on slack: "not checking ship it")

@psarna psarna added this pull request to the merge queue Jan 17, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Jan 17, 2024
@psarna psarna added this pull request to the merge queue Jan 17, 2024
Merged via the queue into main with commit 48757e5 Jan 17, 2024
12 checks passed
@psarna psarna deleted the sqlite3mc_tests branch January 17, 2024 10:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@penberg penberg penberg approved these changes

@LucioFranco LucioFranco LucioFranco left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@psarna @penberg @LucioFranco