Multi-cipher support at runtime for wxSQLite3

Do you like to promote your wxWidgets based application or component!? Post it here and let's see what the critics have to say. Also, if you found that ONE wx component the world needs to know about, put it here for future reference.
Post Reply
utelle
Moderator
Moderator
Posts: 1125
Joined: Tue Jul 05, 2005 10:00 pm
Location: Cologne, Germany
Contact:

Multi-cipher support at runtime for wxSQLite3

Post by utelle »

Up to wxSQLite3 version 3.5.9 it had to be decided at compile time, which encryption cipher should be used in the SQLite3 encryption extension. One could choose among the following 2 cipher schemes:
  • AES 128 Bit CBC (Default)
  • AES 256 Bit CBC
These encryption schemes were added to wxSQLite3 over 8 years ago. Since then security requirements have increased, and therefore it is intended to use a new encryption scheme, namely ChaCha20 with Poly1305 HMAC, for future versions of wxSQLite3.

Adding another encryption scheme can impose compatibility problems for existing applications. To overcome such issues in a flexible manner it is planned to support the selection of the encryption scheme at runtime. A first implementation of the multi-cipher support is now available in branch multi-cipher of the wxSQLite3 GitHub repository. The following ciphers are currently supported:
  • AES 126 Bit CBC - No HMAC (wxSQLite3 - Default cipher until wxSQLite3 version 3.5.9)
  • AES 256 Bit CBC - No HMAC (wxSQLite3)
  • ChaCha20 - Poly1305 HMAC (sqleet - intended default cipher for wxSQLite3 version 4 and above)
  • AES 256 Bit CBC - SHA1 HMAC (SQLCipher - database versions 1, 2, and 3 supported)
Preliminary documentation can be found here.

Please give it a try.

Feedback, bug reports, and feature requests are welcome.
Post Reply