Skip to content

Support a Rekey Operation That Works Off of a char[] #370

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
commonsguy opened this issue Jan 4, 2018 · 3 comments
Closed

Support a Rekey Operation That Works Off of a char[] #370

commonsguy opened this issue Jan 4, 2018 · 3 comments

Comments

@commonsguy
Copy link
Collaborator

SQLCipher for Android version: 3.5.9

Expected Behavior

I expected that calling this method would work:

public void rekey(SQLiteDatabase db, char[] passphrase) {
    db.execSQL("PRAGMA rekey=?", new Object[] {passphrase});
}

Actual Behavior

SQLCipher for Android fall down, go "boom":

net.sqlcipher.database.SQLiteException: near "?": syntax error: , while compiling: PRAGMA rekey=?
at net.sqlcipher.database.SQLiteCompiledSql.native_compile(Native Method)
at net.sqlcipher.database.SQLiteCompiledSql.compile(SQLiteCompiledSql.java:91)
at net.sqlcipher.database.SQLiteCompiledSql.<init>(SQLiteCompiledSql.java:64)
at net.sqlcipher.database.SQLiteProgram.<init>(SQLiteProgram.java:79)
at net.sqlcipher.database.SQLiteStatement.<init>(SQLiteStatement.java:39)
at net.sqlcipher.database.SQLiteDatabase.compileStatement(SQLiteDatabase.java:1589)
at net.sqlcipher.database.SQLiteDatabase.execSQL(SQLiteDatabase.java:2312)

This indicates that PRAGMA does not support placeholders, which seems to fit what teh Internets are saying. And, in general, that's not a big problem. However, specifically for rekey, it sucks, because we now have to create a String that contains the passphrase, and putting passphrases in String objects is bad.

Issue #93 addressed supplying a char[] for the passphrase for opening the database, and this comment suggests that a rekey option for char[] would be offered in the future, but AFAIK the future has not arrived yet.

I can see two possible avenues for this:

  1. Support char[] for SQL statements across the board, with an eye towards eventually surfacing them in an execSQL(char[]). This offers the best security, as now we can even avoid having some of our data that we are storing be held in String objects. However, this would require rewriting a fair bit of code to stop using String as the datatype for SQL statements. It would require us to assemble a char[] SQL statement without strings for rekey, which is doable but aggravating. And I can't see how to offer char[] support on queries other than perhaps by having the SQLCipher Cursor implementation support char[].

  2. Offer some direct implementation of rekey that can be surfaced directly as a rekey(char[]) method. For example, perhaps there is a way to implement rekey(char[]) that calls some native method directly, bypassing all the SQLiteStatement/SQLiteProgram stuff that is involved in execSQL(String).

There may be other options that are not coming to mind, of course.

Thanks for considering this!
@developernotes
Copy link
Member

Hi @commonsguy

We have a function called changePassword available on the SQLiteDatabase that will take a char[]. That function ends up operating directly on the bytes, so a String is not created. Would that work for your needs?

@commonsguy
Copy link
Collaborator Author

Most likely! I missed that somehow. My sincere apologies, and many thanks!

@developernotes
Copy link
Member

Hi @commonsguy

No worries at all, let us know if you run into any issues. Thanks!

@sqlcipher sqlcipher locked and limited conversation to collaborators Jan 4, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@developernotes @commonsguy