Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Starting with Microsoft.Data.Sqlite.Core 5.0.0 it is no longer possible to set cipher key options #23250

Closed
jonreis opened this issue Nov 10, 2020 · 6 comments
Closed

Starting with Microsoft.Data.Sqlite.Core 5.0.0 it is no longer possible to set cipher key options #23250

jonreis opened this issue Nov 10, 2020 · 6 comments
Assignees
@bricelam
Labels
area-adonet-sqlite closed-fixed The issue has been fixed and is/will be included in the release indicated by the issue milestone. customer-reported regression Servicing-approved type-bug
Milestone
5.0.1

Comments

@jonreis
Copy link

jonreis commented Nov 10, 2020
edited
Loading

It used to be possible to configure the cipher key see: #21491. As of version 5.0.0 this is no longer possible. Instead one gets the : 'SQLite Error 26: 'file is not a database'.' exception.

In the previous code SqliteConnection.Open() did not perform any database queries. One could open the database, execute the necessary pragmas, then run a query on the database. This is no longer possible because of the exception mentioned above that is occurring in Open().

Of hand, I would guess the following code in SqliteConnetion.Open() will throw before the correct cipher key options have had a chance to be set.

    if (SQLitePCLExtensions.EncryptionSupported() != false)
    {
      this.ExecuteNonQuery("SELECT COUNT(*) FROM sqlite_master;");
    }

Perhaps there could be OnOpening event on the SqlConnection that would allow custom pragmas to be executed when a connection is being created?
@ajcvickers
Copy link
Member

/cc @bricelam

@ajcvickers ajcvickers added this to the 5.0.x milestone Nov 10, 2020
@bricelam
Copy link
Contributor

Good call. We shouldn't force decryption if a password isn't set in the connection string. This will make the experience a little worse when you forget to provide a password for an encrypted database, but I think it's worth it to enable scenarios like yours.

@jonreis
Copy link
Author

jonreis commented Nov 10, 2020

@bricelam thanks for taking a look

bricelam added a commit to bricelam/efcore that referenced this issue Nov 12, 2020
@bricelam
Microsoft.Data.Sqlite: Don't force decryption when password unset
4402dee 
Fixes dotnet#23250
@bricelam bricelam mentioned this issue Nov 12, 2020
Merged
bricelam added a commit to bricelam/efcore that referenced this issue Nov 12, 2020
@bricelam
Microsoft.Data.Sqlite: Don't force decryption when password unset
d139dcc 
Fixes dotnet#23250
@bricelam bricelam added the closed-fixed The issue has been fixed and is/will be included in the release indicated by the issue milestone. label Nov 12, 2020
@bricelam
Copy link
Contributor

bricelam commented Nov 12, 2020
edited
Loading

I may be stating the obvious here, but I think fixing this in 5.0.1 is also important to enable existing applications already using encryption to upgrade to 5.0 without changes.

bricelam added a commit to bricelam/efcore that referenced this issue Nov 12, 2020
@bricelam
Microsoft.Data.Sqlite: Don't force decryption when password unset
ebd9ce2 
Fixes dotnet#23250
@sandrohanea
Copy link
Member

sandrohanea commented Nov 15, 2020
edited
Loading

Hi!
I'm running into the same problem when trying to upgrade to ef core 5.0.
I was thinking maybe besides the fix provided by @bricelam to not force decryption if the password is not provided, it will be nice if for ef core 5.0 we'll have an option to configure these parameters using SqliteConnectionStringBuilder.

We can: add a collection of pragmas to be executed before the database is decrypted, or we can add all parameter types in the builder using typed values. These parameters can be found here: https://github.com/sqlcipher/sqlcipher/blob/master/src/crypto.c

I'd prefer the option with typed parameters, add a new class: SqlitePasswordOptionBuilder and configure it from SqliteConnectionStringBuilder like this:
image

What do you think?
If you think that this will bring any value, please, let me know and I can implement it and create a PR to add these capabilities.

@ajcvickers ajcvickers modified the milestones: 5.0.x, 5.0.1 Nov 16, 2020
@bricelam
Copy link
Contributor

bricelam commented Nov 18, 2020
edited
Loading

@sandrohanea Microsoft.Data.Sqlite is designed to work with any SQLite implementation. Given that these things are specific to SQLCipher, I think they would best live in a library built on top of Microsoft.Data.Sqlite

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bricelam bricelam

Labels
area-adonet-sqlite closed-fixed The issue has been fixed and is/will be included in the release indicated by the issue milestone. customer-reported regression Servicing-approved type-bug
Projects
None yet
Milestone
5.0.1
Development

No branches or pull requests
5 participants
@jonreis @bricelam @ajcvickers @AndriySvyryd @sandrohanea