Implementing sqlite3_key sqlite3_rekey

[x0d3r]

I am looking for an implementation of the following encryption layers

#ifdef SQLITE_HAS_CODEC
/*
** Specify the key for an encrypted database.  This routine should be
** called right after sqlite3_open().
**
*/
SQLITE_API int sqlite3_key(
  sqlite3 *db,                   /* Database to be rekeyed */
  const void *pKey, int nKey     /* The key */
);
SQLITE_API int sqlite3_key_v2(
  sqlite3 *db,                   /* Database to be rekeyed */
  const char *zDbName,           /* Name of the database */
  const void *pKey, int nKey     /* The key */
);

/*
** Change the key on an open database.  If the current database is not
** encrypted, this routine will encrypt it.  If pNew==0 or nNew==0, the
** database is decrypted.
**
*/
SQLITE_API int sqlite3_rekey(
  sqlite3 *db,                   /* Database to be rekeyed */
  const void *pKey, int nKey     /* The new key */
);
SQLITE_API int sqlite3_rekey_v2(
  sqlite3 *db,                   /* Database to be rekeyed */
  const char *zDbName,           /* Name of the database */
  const void *pKey, int nKey     /* The new key */
);

/*
** Specify the activation key for a SEE database.  Unless 
** activated, none of the SEE routines will work.
*/
SQLITE_API void sqlite3_activate_see(
  const char *zPassPhrase        /* Activation phrase */
);
#endif 

And add the following methods:

db, err := sql.Open("sqlite3", "hostxs","key")

db, err := sql.SetDatabaseKey("sqlite3", "hostxs","key")

[mattn]

sql.Open is interface of database/sql so I will not provide such unction that take three arguments.
However, I may be possible to support query parameter that add the feature. For example:

db, err := sql.Open("sqlite3", "foo.db?_key=XXX")

[x0d3r]

Totally agree, thanks for your time

[gjrtimmer]

I'm thinking about implementing those call in a golang CGO header and redirect to golang function which uses Golang Native AES encryption which means no dependency on OpenSSL. @x0d3r we should implement the DSN _key option when you are binding this package to a SQLite which is compiled with HAS_CODEC and provides an implementation.

[ivincent6]

Were these function calls ever implemented?

[barats]

I'm thinking about implementing those call in a golang CGO header and redirect to golang function which uses Golang Native AES encryption which means no dependency on OpenSSL. @x0d3r we should implement the DSN _key option when you are binding this package to a SQLite which is compiled with HAS_CODEC and provides an implementation.

implementing those call in a golang CGO header and redirect to golang function which uses Golang Native AES encryption

Is it done yet?

[jgiannuzzi]

I have implemented support for these functions through SQLCipher in the following PR: #1109. It does depend on OpenSSL at this stage, but it's probably better than not having encryption support at all.