2020-05-13 09:27:27 -04:00
..
2020-05-11 16:35:58 -04:00
2020-05-11 16:35:58 -04:00
2020-05-11 16:35:58 -04:00
2020-05-13 09:27:27 -04:00
2020-05-11 16:35:58 -04:00
2020-05-11 16:35:58 -04:00

SQLCipher - Nim / NOTES

A SQLCipher wrapper is being implemented at https://github.com/status-im/nim-sqlcipher

Notes: This is a experimental project to test how to use SQLCipher with Nim. I tried to use c2nim to generate a small wrapper for SQLite using the header file generated during the SQLCipher compilation process but I wasn't successful. Someone please try using that software to see if it works for them

I ended up using, Tiny_SQLite because it already provides a wrapper for SQLite. It assumes SQLite is dynamically linked so I changed it to static linking so I can use it with the compiled SQLCipher and added new functions.

# In sqlite_wrapper.nim
proc key*(db: PSqlite3, pKey: cstring, nKey: int32): int32{.cdecl, importc: "sqlite3_key".}
proc rekey*(db: PSqlite3, pKey: cstring, nKey: int32): int32{.cdecl, importc: "sqlite3_rekey".}

# In tiny_sqlite.nim
proc key*(db: DbConn, password: string) =
    let rc = sqlite.key(db, password, int32(password.len))
    db.checkRc(rc)

proc rekey*(db: DbConn, password: string) =
    let rc = sqlite.rekey(db, password, int32(password.len))
    db.checkRc(rc)

We can either fork this library, or create a new .nim file with the required functions, and use Tiny_SQLite along with the SQLCipher specific functions. Docs for Tiny_SQLite are available here: https://gulpf.github.io/tiny_sqlite/tiny_sqlite.html

Statically Linked OpenSSL

There are some implications: gclib should be installed in the OS that will run the static linked. This is probably an non-issue. Ubuntu is providing this lib since 2013. It might be the same for other operative systems

rm -rf lib
mkdir lib


# Compiling libcrypto.o
wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz
tar -zxvf openssl-1.1.1g.tar.gz
rm openssl-1.1.1g.tar.gz
cd openssl-1.1.1g/
./config -shared
make -j`nproc`
cp libcrypto.a ../lib/.
cd ..
rm -rf openssl-1.1.1g/


# Generating sqlite3.c
git clone https://github.com/sqlcipher/sqlcipher.git
cd sqlcipher/
./configure --enable-tempstore=yes CFLAGS="-DSQLITE_HAS_CODEC" LDFLAGS="../lib/libcrypto.a"
make sqlite3.c
cp sqlite3.c ../lib/.
cd ..
rm -rf sqlcipher


# Compiling sqlite3.c
gcc -lpthread -DSQLITE_HAS_CODEC -L./lib/libcrypto.a -c ./lib/sqlite3.c -o ./lib/sqlite3.a
rm ./lib/sqlite3.c

Compile / Run

make build
./main

This will ask for a passwd to encrypt/decrypt the DB. and then insert a timestamp in a table, and select all records from that table.

Dynamic linking

Depends on the requirements / security considerations. It assumes libssl-dev is installed in Ubuntu, and will do a dynamic linking: the final user will have to install openssl before running the executable.

sudo apt install libssl-dev
rm -rf lib
mkdir lib



# Generating sqlite3.c
git clone https://github.com/sqlcipher/sqlcipher.git
cd sqlcipher/
./configure --enable-tempstore=yes CFLAGS="-DSQLITE_HAS_CODEC" LDFLAGS="-lcrypto"
make sqlite3.c
cp sqlite3.c ../lib/.
cd ..
rm -rf sqlcipher



#Compiling sqlite3.c**
gcc -lpthread -DSQLITE_HAS_CODEC -lcrypto -c ./lib/sqlite3.c -o ./lib/sqlite3.a
rm ./lib/sqlite3.c

The build command changes:

nim c -d:release -L:./lib/sqlite3.a -L:-lm -L:"-lcrypto" --threads --outdir:. main.nim
./main