I am writing a .NET Core 3.1 application that depends on another library (Serilog.Sinks.SQLite) which is attempting to store log data to an SQLite database. Unfortunately, Serilog.Sinks.SQLite does not support passing in a password to System.Data.SQLite via the SQLiteConnectionStringBuilder.Password property (which you provide to the SQLiteConnection constructor) and I would really like that functionality.
The code that Serilog.Sinks.SQLite uses to connect to the database is as follows:
private SQLiteConnection GetSqLiteConnection()
{
var sqlConString = new SQLiteConnectionStringBuilder
{
DataSource = _databasePath,
JournalMode = SQLiteJournalModeEnum.Memory,
SyncMode = SynchronizationModes.Normal,
CacheSize = 500,
PageSize = (int)MaxSupportedPageSize,
MaxPageCount = (int)(_maxDatabaseSize * BytesPerMb / MaxSupportedPageSize)
}.ConnectionString;
var sqLiteConnection = new SQLiteConnection(sqlConString);
sqLiteConnection.Open();
return sqLiteConnection;
}
There are a number of similar posts on StackOverflow about encryption with SQLite stating very convincingly that encryption / password protection of the database is indeed supported by System.Data.SQLite. However, that is not matching my experience.
I grabbed a copy of the Serilog.Sinks.SQLite source in an attempt to prototype a modification to it to support specifying the password. This seems like it should be easy enough to accomplish with the following addition to the above code (specifying the Password property in the connection string):
MaxPageCount = (int)(_maxDatabaseSize * BytesPerMb / MaxSupportedPageSize),
Password = "mypasswordhere"
}.ConnectionString;
Unfortunately, this does not work and results in an exception being thrown on startup with the following message:
Exception has occurred: CLR/System.Data.SQLite.SQLiteException An unhandled exception of type 'System.Data.SQLite.SQLiteException' occurred in LoggingWebApi.dll: 'SQL logic error Cannot use "Password" connection string property: library was not built with encryption support, please see "https://www.sqlite.org/see" for more information'
What is confusing me the most here are the number of other posts I've found claiming that System.Data.SQLite supports this password and the fact that a .NET Framework 4.6 application from another team in my company is using System.Data.SQLite.dll (though an older version 1.0.111.0) and this Password behavior works fine for them.
My code is targeting netcoreap3.1 and my dependency of Serilog.Sinks.SQLite is targeting netstandard2.0 so that is one obvious difference I see. In my modified version of the Serilog.Sinks.SQLite code, I am referencing System.Data.SQLite.Core as follows (added via otnet add package System.Data.SQLite.Core --version 1.0.113.1):
<PackageReference Include="System.Data.SQLite.Core" Version="1.0.113.1" />
Is there something with .NET Core 3.1 or .NET Standard 2.0 that causes System.Data.SQLite.Core to not support the Password connection string property like everyone else seems to think it supports?
I thought maybe my issue was running on Linux so I tried running on my Windows but it produced the same error.
I did find another post referencing a potentially helpful approach but this sample is not using System.Data.SQLite.Core and instead is using SQLitePCLRaw.bundle_e_sqlcipher and I would prefer to avoid rewriting all of the Serilog.Sinks.SQLite code to use a different SQLite client: https://github.com/paragpkulkarni/SQLiteEncryptionUsingEFCore
It seems that System.Data.SQLite has dropped support for encryption as of version 1.0.113.1 which explains why I haven't been able to get it working: https://system.data.sqlite.org/index.html/tktview?name=9c330a3e03
This is also mentioned on their News page though it was not clear to me that the Password support was part of the "legacy CryptoAPI Codec": https://system.data.sqlite.org/index.html/doc/trunk/www/news.wiki
The other team I referred to is using an older version 1.0.111.0 so if you require this support, I guess just don't upgrade...