Page 1 of 1

wxsqlite3.4.2.0 how to open old encryted database

Posted: Mon Nov 05, 2018 9:38 am
by kjteng
I have some old database (encryted with AES256 using wxsqlite3.3.5.0.dll) which I want to access after switching to wxsqlite3.4.2.0.

According to the documentation, I need to run one of the following (depend on the encryption method used) :
SELECT wxsqlite3_config("cipher", "aes256cbc");
SELECT wxsqlite3_config("aes256cbc", "legacy", 0);
SELECT wxsqlite3_config("aes256cbc", "legacy", 1);
SELECT wxsqlite3_config("aes256cbc", "legacy_page_size", 1024);
SELECT wxsqlite3_config("aes256cbc", "legacy_page_size", 4096);
SELECT wxsqlite3_config("aes256cbc", "kdf_iter", 4001);

I tried each and every one of the above (with freepascal and zeolib component)
zconnection.ExecDirect( 'SELECT wxsqlite3_config("cipher", "aes256cbc");') etc but no success.
Error messge:
error3.png
error3.png (23.72 KiB) Viewed 1097 times
My code:

Code: Select all


procedure TForm1.bt1OpenTableClick(Sender: TObject);
begin
  ZConnection1.Disconnect;
  ZConnection1.Database := FileNameEdit1.FileName;
  ZConnection1.Password :=  tx1Pass.Text;
  if tx1Pass.Text > '' then
    ZConnection1.Properties.Values['encrypted']:= 'True'
  else
    ZConnection1.Properties.Values['encrypted']:= 'False' ;
  ZConnection1.Connect;

  ZConnection1.ExecuteDirect('SELECT wxsqlite3_config("cipher", "aes256cbc");');
  // ZConnection1.ExecuteDirect('SELECT wxsqlite3_config("aes256cbc", "legacy", 0);');
  // ZConnection1.ExecuteDirect('SELECT wxsqlite3_config("aes256cbc", "legacy", 1);');
  // ZConnection1.ExecuteDirect('SELECT wxsqlite3_config("aes256cbc", "legacy_page_size", 1024);');
  // ZConnection1.ExecuteDirect('SELECT wxsqlite3_config("aes256cbc", "legacy_page_size", 4096);');
  // ZConnection1.ExecuteDirect('SELECT wxsqlite3_config("aes256cbc", "kdf_iter", 4001);');
  ZQuery1.Open;
end;
Have I missed out something?

Re: wxsqlite3.4.2.0 how to open old encryted database

Posted: Mon Nov 05, 2018 12:17 pm
by utelle
kjteng wrote:I have some old database (encryted with AES256 using wxsqlite3.3.5.0.dll) which I want to access after switching to wxsqlite3.4.2.0.

According to the documentation, I need to run one of the following (depend on the encryption method used) :
SELECT wxsqlite3_config("cipher", "aes256cbc");
SELECT wxsqlite3_config("aes256cbc", "legacy", 0);
SELECT wxsqlite3_config("aes256cbc", "legacy", 1);
SELECT wxsqlite3_config("aes256cbc", "legacy_page_size", 1024);
SELECT wxsqlite3_config("aes256cbc", "legacy_page_size", 4096);
SELECT wxsqlite3_config("aes256cbc", "kdf_iter", 4001);
If your database was encrypted with the original wxSQLite3 3.5.0 version for AES256, then just selecting the cipher should work, because the default parameters were not changed since then. That is, issuing

Code: Select all

  SELECT wxsqlite3_config("cipher", "aes256cbc"); 
  PRAGMA key='your passphrase';
after opening the database should allow you to access your data.

You should verify that using the SQLite3 shell binary coming with the latest wxSQLite3 release (file wxsqlite3-sqlite3-multicipher.zip).
kjteng wrote:I tried each and every one of the above (with freepascal and zeolib component)
zconnection.ExecDirect( 'SELECT wxsqlite3_config("cipher", "aes256cbc");') etc but no success.

My code:

Code: Select all


procedure TForm1.bt1OpenTableClick(Sender: TObject);
begin
  ZConnection1.Disconnect;
  ZConnection1.Database := FileNameEdit1.FileName;
  ZConnection1.Password :=  tx1Pass.Text;
  if tx1Pass.Text > '' then
    ZConnection1.Properties.Values['encrypted']:= 'True'
  else
    ZConnection1.Properties.Values['encrypted']:= 'False' ;
  ZConnection1.Connect;

  ZConnection1.ExecuteDirect('SELECT wxsqlite3_config("cipher", "aes256cbc");');
  // ZConnection1.ExecuteDirect('SELECT wxsqlite3_config("aes256cbc", "legacy", 0);');
  // ZConnection1.ExecuteDirect('SELECT wxsqlite3_config("aes256cbc", "legacy", 1);');
  // ZConnection1.ExecuteDirect('SELECT wxsqlite3_config("aes256cbc", "legacy_page_size", 1024);');
  // ZConnection1.ExecuteDirect('SELECT wxsqlite3_config("aes256cbc", "legacy_page_size", 4096);');
  // ZConnection1.ExecuteDirect('SELECT wxsqlite3_config("aes256cbc", "kdf_iter", 4001);');
  ZQuery1.Open;
end;
Have I missed out something?
Looking at the code I get the impression that method Connect of the database connection ZConnection1 will already call the function sqlite3_key internally to set up the encryption key. Therefore the calls to method ExecuteDirect to adjust the encryption parameters come too late, because method Connect already established the encrypted database connection using the defaults (ChaCha20).

I don't know whether the implementation of method Connect performs any other database actions before returning to the application. In principle, the following code should work:

Code: Select all

procedure TForm1.bt1OpenTableClick(Sender: TObject);
var
  keyPragma : String;
begin
  ZConnection1.Disconnect;
  ZConnection1.Database := FileNameEdit1.FileName;
  ZConnection1.Properties.Values['encrypted']:= 'False' ;
  ZConnection1.Connect;

  ZConnection1.ExecuteDirect('SELECT wxsqlite3_config("cipher", "aes256cbc");');
  keyPragma := "PRAGMA key=" + QuotedStr(tx1Pass.Text) + ";";
  ZConnection1.ExecuteDirect(keyPragma);
  // Access the database as usual
  // ...
end;
It would be certainly best if the connection object would be able to pass cipher configuration parameters dircetly to the database object, but currently this doesn't seem to be possible.

I consider to implement alternatives for passing cipher configuration parameters to the database (like a key prefix or parameters that can be added to the database file URI). However, I have not yet decided which route to take, and therefore the above workaround will have to be used for now. Alternatively one could generate a SQLite DLL that supports the wanted cipher as the default selection.

Regards,

Ulrich

Re: wxsqlite3.4.2.0 how to open old encryted database

Posted: Mon Nov 05, 2018 1:09 pm
by kjteng
Oh yes! "PRAGMA key=" + QuotedStr(tx1Pass.Text) + ";";
Problem solved !
Also thanks for the detailed explanation.
Thank you very much.