Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for hexadecimal passwords of System.Data.SQLite/RC4 #70

Closed
professor-k opened this issue Mar 21, 2022 · 4 comments
Closed

Support for hexadecimal passwords of System.Data.SQLite/RC4 #70

professor-k opened this issue Mar 21, 2022 · 4 comments
Assignees
@utelle
Labels
enhancement New feature or request

Comments

@professor-k
Copy link

System.Data.SQLite supported hexadecimal passwords, like this: data source=mydb.sqlite;hexpassword=6d696c6b. In case I'm playing in sandbox, and those four bytes are 'milk' in ASCII encoidng, I can also access such database with data source=mydb.sqlite;password=milk, and respectively later with SQLite3MultipleCiphers PRAGMA cipher = rc4 and PRAGMA key = 'milk'.

It's reasonable to assume that under the hood there is just binary key used by the algorithm whatsoever, so it's just a matter of finding a way to pass it down.

Problem is that when it comes to real world databases encrypted with random sets of 32 bytes, just straight decoding them into ASCII (or in local code page, or something similar), chances of getting string valid from the point of view of SQLite are pretty slim. Furthermore, SQLite doesn't let any operators left of pragma's equal, so CASTs, CHARs and ||s are out of option, and there are no variables in SQLite that I know of. So I was not able to access such databases using SQLite3MultipleCiphers. Still I tried passing the key using both special ways (SQLCipher and sqleet) too, but obviously it didn't work.

It would be really handy if it was possible to pass hex passwords in similar way for RC4.
@professor-k professor-k changed the title Support for hexadecimal passwords if System.Data.SQLite/RC4 Support for hexadecimal passwords of System.Data.SQLite/RC4 Mar 21, 2022
@utelle
Copy link
Owner

utelle commented Mar 21, 2022

[...] It's reasonable to assume that under the hood there is just binary key used by the algorithm whatsoever, so it's just a matter of finding a way to pass it down.

Typically, a hash algorithm is used to derive the actual encryption key. For the cipher schemes sqleet (ChaCha20) and SQLCipher there exist methods to use a special key syntax to circumvent the key derivation. Those methods are supported by SQLite3MultipleCiphers as well to be compatible with the original implementations of the ciphers.

It would be really handy if it was possible to pass hex passwords in similar way for RC4.

Currently, SQLite3MultipleCiphers allows to specify hex passwords via URI parameter hexkey (see URI parameters). However, I have to admit that it would be convenient to be able to specify hex passwords via pragma as well.

I will add pragma support for hex passwords with the next release of SQLite3MultipleCiphers.

@utelle utelle self-assigned this Mar 21, 2022
@utelle utelle added the enhancement New feature or request label Mar 21, 2022
utelle added a commit that referenced this issue Mar 22, 2022
@utelle
Add pragma hexkey/hexrekey to resolve issue #70
2ecb37e
@professor-k
Copy link
Author

Thank you. I thought I missed something. In paticular, all the URI parameters went under radar for me :)

@utelle
Copy link
Owner

utelle commented Mar 28, 2022

Release 1.3.10 now includes this enhancement.

@utelle utelle closed this as completed Mar 28, 2022
@professor-k
Copy link
Author

Thank you, much appreciated! (and separate thank you for fix with 40 bytes)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@utelle utelle

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@professor-k @utelle