SQLCipher的使用
2016-05-28 18:25
1361 查看
http://blog.csdn.net/majiakun1/article/details/46551137
SQLCipher 是用来加密数据库
一.
1.安装sqlcipher命令,首先需要安装brew, 在终端输入
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
成功之后在终端在运行
brew install sqlcipher
二.
1. 创建加密数据库
$ sqlcipher encrypted.db
SQLCipher version 3.8.4.3 2014-04-03 16:53:12
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> PRAGMA key = 'thisiskey';
sqlite> create table encrypted (id integer, name text);
sqlite> .schema
CREATE TABLE encrypted (id integer, name text);
sqlite> .q
2. 打开加密数据库
$ sqlcipher encrypted.db
SQLCipher version 3.8.4.3 2014-04-03 16:53:12
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> PRAGMA key = 'thisiskey';
sqlite> .schema
CREATE TABLE encrypted (id integer, name text);
3. 修改数据库密码
sqlite> PRAGMA rekey = 'newkey';
4. 加密已有的数据库
$ sqlcipher banklist.sqlite3
SQLCipher version 3.8.4.3 2014-04-03 16:53:12
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> ATTACH DATABASE 'encrypted.db' AS encrypted KEY 'thisiskey';
sqlite> SELECT sqlcipher_export('encrypted');
sqlite> DETACH DATABASE encrypted;
5. 解密数据库
$ sqlcipher encrypted.db
SQLCipher version 3.8.4.3 2014-04-03 16:53:12
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> PRAGMA key = 'thisiskey';
sqlite> ATTACH DATABASE 'plaintext.db' AS plaintext KEY '';
sqlite> SELECT sqlcipher_export('plaintext');
sqlite> DETACH DATABASE plaintext;
转自 : http://my.oschina.net/kjpioo/blog/149290
satckoverflow.com上有人提到过在
sqlite> sqlcipher-shell32.exe test.db
sqlite> PRAGMA KEY = '12345';
给刚打开的数据库设置密码后,马上接着往数据库执行create table和 insert操作。最后用
sqlite> .e
退出该数据库。但是下次再用
sqlite> sqlcipher-shell32.exe test.db
登录,在输入密码前执行了.schema等其他操作
sqlite>.schema
Error: file is encrypted or is not a database
sqlite> PRAGMA KEY = '12345';
Error: file is encrypted or is not a database
遭到提示:Error: file is encrypted or is not a database
根据官方以上英文描述,这个问题就是因为操作上没有遵循just-in-time key derivation的要求,没有首先输密码解密再进行其他操作。
有图为证:
----------------以下为正确操作过程:
SQLite version 3.7.15.2 2013-01-09 11:53:05
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> PRAGMA KEY = '12345';
sqlite> .schema
CREATE TABLE t(name text);
sqlite> select * from t;
n1
sqlite>
----------------以下为错误操作过程:
Enter SQL statements terminated with a ";"
sqlite> .schema
Error: file is encrypted or is not a database
sqlite> PRAGMA KEY = '12345';
sqlite> .schema
Error: file is encrypted or is not a database
sqlite>
确实如此。
以上过程你可以自己亲自验证以下。
注意:通过命令行( sqlcipher-shell32.exe) 执行命令,与通过sqlite3
api调用操作sqlite3数据库,是一样的道理
参考:
https://www.zetetic.net/sqlcipher/sqlcipher-api/#key
The process of creating a new, encrypted database is called “keying” the database. SQLCipher uses just-in-time key derivation at the point it is first needed for an operation. This means that the key (and any options) must be set before the first operation
on the database. As soon as the database is touched (e.g.
etc.) and pages need to be read or written, the key is prepared for use.
The key itself can be a passphrase, which is converted to a key using PBKDF2 key derivation. The
result is used as the encryption key for the database.
Alternatively, it is possible to specify an exact byte sequence using a blob literal. With this method, it is the calling application's responsibility to ensure that the data provided is a 64 character hex string, which will be converted directly to 32 bytes
(256 bits) of key data.
When opening an existing database,
the key provided is incorrect. To test that the database can be successfully opened with the provided key, it is necessary to perform some operation on the database (i.e. read from it) and confirm it is success.
The easiest way to do this is select off the sqlite_master table, which will attempt to read the first page of the database and will parse the schema.
The same check can be implemented in C code
be called as the first operation on a database.
SQLCipher 是用来加密数据库
一.
1.安装sqlcipher命令,首先需要安装brew, 在终端输入
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
成功之后在终端在运行
brew install sqlcipher
二.
1. 创建加密数据库
$ sqlcipher encrypted.db
SQLCipher version 3.8.4.3 2014-04-03 16:53:12
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> PRAGMA key = 'thisiskey';
sqlite> create table encrypted (id integer, name text);
sqlite> .schema
CREATE TABLE encrypted (id integer, name text);
sqlite> .q
2. 打开加密数据库
$ sqlcipher encrypted.db
SQLCipher version 3.8.4.3 2014-04-03 16:53:12
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> PRAGMA key = 'thisiskey';
sqlite> .schema
CREATE TABLE encrypted (id integer, name text);
3. 修改数据库密码
sqlite> PRAGMA rekey = 'newkey';
4. 加密已有的数据库
$ sqlcipher banklist.sqlite3
SQLCipher version 3.8.4.3 2014-04-03 16:53:12
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> ATTACH DATABASE 'encrypted.db' AS encrypted KEY 'thisiskey';
sqlite> SELECT sqlcipher_export('encrypted');
sqlite> DETACH DATABASE encrypted;
5. 解密数据库
$ sqlcipher encrypted.db
SQLCipher version 3.8.4.3 2014-04-03 16:53:12
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> PRAGMA key = 'thisiskey';
sqlite> ATTACH DATABASE 'plaintext.db' AS plaintext KEY '';
sqlite> SELECT sqlcipher_export('plaintext');
sqlite> DETACH DATABASE plaintext;
转自 : http://my.oschina.net/kjpioo/blog/149290
satckoverflow.com上有人提到过在
sqlite> sqlcipher-shell32.exe test.db
sqlite> PRAGMA KEY = '12345';
给刚打开的数据库设置密码后,马上接着往数据库执行create table和 insert操作。最后用
sqlite> .e
退出该数据库。但是下次再用
sqlite> sqlcipher-shell32.exe test.db
登录,在输入密码前执行了.schema等其他操作
sqlite>.schema
Error: file is encrypted or is not a database
sqlite> PRAGMA KEY = '12345';
Error: file is encrypted or is not a database
遭到提示:Error: file is encrypted or is not a database
根据官方以上英文描述,这个问题就是因为操作上没有遵循just-in-time key derivation的要求,没有首先输密码解密再进行其他操作。
有图为证:
----------------以下为正确操作过程:
SQLite version 3.7.15.2 2013-01-09 11:53:05
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> PRAGMA KEY = '12345';
sqlite> .schema
CREATE TABLE t(name text);
sqlite> select * from t;
n1
sqlite>
----------------以下为错误操作过程:
Enter SQL statements terminated with a ";"
sqlite> .schema
Error: file is encrypted or is not a database
sqlite> PRAGMA KEY = '12345';
sqlite> .schema
Error: file is encrypted or is not a database
sqlite>
确实如此。
以上过程你可以自己亲自验证以下。
注意:通过命令行( sqlcipher-shell32.exe) 执行命令,与通过sqlite3
api调用操作sqlite3数据库,是一样的道理
参考:
https://www.zetetic.net/sqlcipher/sqlcipher-api/#key
PRAGMA key
The process of creating a new, encrypted database is called “keying” the database. SQLCipher uses just-in-time key derivation at the point it is first needed for an operation. This means that the key (and any options) must be set before the first operationon the database. As soon as the database is touched (e.g.
SELECT, CREATE TABLE, UPDATE,
etc.) and pages need to be read or written, the key is prepared for use.
Example 1: Passphrase with Key Derivation
The key itself can be a passphrase, which is converted to a key using PBKDF2 key derivation. Theresult is used as the encryption key for the database.
sqlite> PRAGMA key = 'passphrase';
Example 2: Raw Key Data (Without Key Derivation)
Alternatively, it is possible to specify an exact byte sequence using a blob literal. With this method, it is the calling application's responsibility to ensure that the data provided is a 64 character hex string, which will be converted directly to 32 bytes(256 bits) of key data.
sqlite> PRAGMA key = "x'2DD29CA851E7B56E4697B0E1F08507293D761A05CE4D1B628663F411A8086D99'";
Testing the Key
When opening an existing database, PRAGMA keywill not immediately throw an error if
the key provided is incorrect. To test that the database can be successfully opened with the provided key, it is necessary to perform some operation on the database (i.e. read from it) and confirm it is success.
The easiest way to do this is select off the sqlite_master table, which will attempt to read the first page of the database and will parse the schema.
sqlite> PRAGMA key = 'passphrase';sqlite> SELECT count(*) FROM sqlite_master; -- if this throws an error, the key was incorrect. If it succeeds and returns a numeric value, the key is correct;
The same check can be implemented in C code
sqlite3_key(database, "test123", 7); if (sqlite3_exec(database, "SELECT count(*) FROM sqlite_master;", NULL, NULL, NULL) == SQLITE_OK) { // key is correct. } else { // key is incorrect }
Implementation Notes
PRAGMA keyshould generally
be called as the first operation on a database.
相关文章推荐
- zabbix 监控客户端数据库 zabbix客户端
- SQL游标
- oracle服务进程和后台进程区别
- 使用Hibernate4处理Oracle XmlType字段类型
- 有关数据库中的游标
- 利用MySQL官方源安装5.6版程序,以及降级安装后无法启动的问题 推荐
- mysql_5.6.24_winx64免安装配置
- 无法加载 DLL“SQLite.Interop.DLL”: 找不到指定的模块。 (异常来自 HRESULT:0x8007007E)。
- MySQL教程
- linux下手工启动oracle centos下手动启动oracle
- centos安装oracle 11g 完全图解
- oracle 后台进程(background process)详解
- Oracle 后台进程 详细
- 与甲骨文长达六年的版权拉锯,谷歌的胜利是软件行业的胜利
- 类型转换对 MySQL 选择索引的影响
- 如何使用XML作为小型数据库
- MySQL 索引详解(并包括了如何分析SQL语句的问题)(强烈推荐)
- SQL注入详解
- Mongodb 研究学习
- 引用 Oracle Form中如何使用COMMIT