From: Staffan T. <sta...@gm...> - 2012-10-21 11:10:51
|
> > > Have you tested things? With the encryption ability added, can you still > work with un-encrypted databases? In other words, with the encryption > added, could someone that doesn't need / want the encryption use the > oosqlite.dll without problems? > > Mark, to answer your question: yes, it's all transparent. If you don't use the sqlite_key interface as the first action against the newly connected database it is assumed that the database is non-encrypted and even if you use it against an existing database it doesn't change its current encryption state, BUT it prohibits you to access the non-encrypted database for the rest of that connection session! Using sqlite_key late in a process has no effect, but sqlite_rekey can be used anytime, either to encrypt a non-encrypted database or to change the encryption key of an already encrypted db. I've confirmed all this. I've started some more serious testing and I believe that the suggested approach MAY need a refinement. My sample code for the key/rekey features in ooSQLite lack the possibility to specify a database name, so 'main' is always assumed. I believe this might be necessary in order to create encrypted backups using the sqlite_backup interface (e.g. .ooSQLiteBackup). Saying that I found it encouraging that SQLite by default supports not only sqlite_key and sqlite_rekey (WITH an explicit database name so it should probably be part of the Rexx API as well) but I also found that the non-documented(?) extension 'KEY xxx' to the ATTACH command seems to work as well. The following command scenario therefore works OK (assuming the encrypted databases already exist and have some data): >oosqlite3 encrypted.db .key abc123 select * from tbl1; attach 'encrypted2.db' as anotherdb key def123; select * from anotherdb.tbl1; Good, eh? :) So to summarise I think the key and rekey features should be extended to support format (re)key([db], key), with 'main' being the default for db. BTW, I like your approach with the changed SQLITE_HAS_CODE locations. Staffan |