Search code examples
sqliterustencryptionrusqlite

How do I query an SEE encrypted database using rusqlite?


I have SQLite Encryption Extensions (SEE) and I'm trying to use an encrypted database in a Rust program using rusqlite. I tried getting this to work on my Linux workstation using the following test program. I also have a production service in Docker that is supposed to be encrypted as well. I can't get either to work with an encrypted database.

main.rs

use rusqlite::{Connection, Result};

fn main() {
    let cn = Connection::open("test.db").unwrap();
    cn.pragma_update(None, "key", "aes256:mysupersecretkey").unwrap();

    // Any query returns "file is not a database" error.
    // ...
}

Cargo.toml

[package]
name = "sqlite_encryption"
version = "0.1.0"
edition = "2021"

[dependencies]
rusqlite = "0.30.0"

I do not want to use the "bundled" option for rusqlite since I need to provide my own SQLite and I am not using SQLCypher. I can get the application to build, but it won't query the database without giving an error.

I created a custom build script to simplify testing. The see-sources directory contains the sqlite3.c and sqlite3.h files that I need compiled:

#!/bin/bash

# Contains libsqlite3.so
export SQLITE3_LIB_DIR=pathto/sqlitelibs
export SQLITE3_INCLUDE_DIR=pathto/see-sources

cargo run

Please help me figure out how to connect to an SEE encrypted database using rusqlite.

Thank you.

Edit: Alternate possibility of answering the same question. Don't worry about SEE and just provide an example on how to statically link to a custom build of SQLite. I might be able to use the same steps to fix the problem using SEE.


Solution

  • Finally figured it out. Here is what I had to do to get my project to build with SQLite SEE:

    First, the SQLite SEE source must be compiled to a static library

    OUT_DIR=system-lib
    rm -rf $OUT_DIR
    mkdir -p $OUT_DIR
    
    # Extracted sources files from SQLite-SEE
    cd see-sources
    
    echo "Buildig libsqlite3.so"
    gcc -fPIC -shared -o ../$OUT_DIR/libsqlite3.so sqlite3-see.c
    
    echo "Building static library"
    gcc -c sqlite3-see.c -o libsqlite3.o
    ar -crs libsqlite3.a libsqlite3.o
    rm libsqlite3.o
    mv libsqlite3.a ../$OUT_DIR
    cp sqlite3.h ../$OUT_DIR
    cd ..
    

    system-lib will contain these files:

    libsqlite3.so
    libsqlite3.a
    sqlite3.h
    

    Then, the rust project can be built by setting these environment variables:

    export SQLITE3_LIB_DIR=system-lib
    export SQLITE3_INCLUDE_DIR=system-lib
    export SQLITE3_STATIC=1
    cargo build --release