SQLite encryption at-rest is a hot requested feature of both the “default” CGo driver [1] and the transpiled alternative driver [2]. So, this is a feature I wanted to bring to my own Wasm based Go driver/bindings [3].
Open-source SQLite encryption extensions have had a troubled last few years. For whatever reason, in 2020 the (undocumented) feature that made it easy to offer page-level encryption was removed [4]. Some solutions are stuck with SQLite 3.31.1, but Ulrich Telle stepped up with a VFS approach [5].
Still, their solution seemed harder than something I'd want to maintain, as it requires understanding the structure of what's being written to disk at the VFS layer. So, I looked at full disk encryption for something with less of an impedance mismatch.
Specifically, I'm using the Adiantum tweakable and length-preserving encryption (with 4K blocks, matching the default SQLite page size), and encrypting whole files (rather than page content).
I'm not a cryptographer, so I'd really appreciate some roasting before release.
There is nothing very Go specific about this (apart from the implementation) so if there are no obvious flaws, it may make sense to port it to C/Rust/etc and make it a loadable extension.
[1] https://github.com/mattn/go-sqlite3/pull/1109
[2] https://gitlab.com/cznic/sqlite/-/issues/105
[3] https://github.com/ncruces/go-sqlite3/issues/55
[4] https://github.com/sqlite/sqlite/commit/b48c0d59
[5] https://github.com/utelle/SQLite3MultipleCiphers
Comments URL: https://news.ycombinator.com/item?id=40208800
Points: 30
# Comments: 7
https://github.com/ncruces/go-sqlite3/tree/main/vfs/adiantum
Chcete-li přidat komentář, přihlaste se
Ostatní příspěvky v této skupině
Article URL: https://vin01.github.io/
I used to work for Facebook and Google and constantly got asked questions like "Hey, my Instagram account got blocked for no reason. Could you help me get it back?". I'd say yes, it would take me
Article URL: https://github.com/Openpanel-dev/openpanel
Comments URL: https:
Article URL: https://www.theembeddedrustacean.com/c/ser-std
Article URL: https://breckyunits.com/scrollsets.html
Comments URL: https://news