Comments (27)
Yeah, we're forbidden to release the SQLite Encryption Extension source code. A few bits of our EE functionality are closed-source just to act as a roadblock to competitors who might want to copy our inhumanly-advanced technology 👽😜
from couchbase-mobile-tools.
It shouldn't be a problem unless the file format changes incompatibly, which doesn't happen much.
In the future I'm hoping we can make the tool official, so there will be updated binary builds available for all supported platforms.
from couchbase-mobile-tools.
if what you're given really is someone's password, you should hash it in some way.
A password has to be hashed, because encryption algorithms use fixed-size keys. PBKDF2 actually runs thousands of rounds of hashing, to slow it down so that brute-force cracking by testing lots of passwords will take a long time.
the keys we've been using are 32 bytes, although switching to 64 wouldn't be the end of the world
Our keys are 32 bytes. That's 64 digits.
from couchbase-mobile-tools.
I've pinged @borrrden to build it and send me the EXE. I'll upload it to the Releases tab.
from couchbase-mobile-tools.
Excellent! Just opened an encrypted database with it! Thank you for your help!
from couchbase-mobile-tools.
We will be releasing another one when we release 2.8 of Couchbase Lite, which is scheduled for mid next month.
from couchbase-mobile-tools.
You can’t build the Enterprise Edition yourself. That’s sort of the point; it’s the thing Couchbase charges money for. If you want to use EE features, contact our sales team to get a license.
Some parts of CBL-EE are closed-source. In particular, database encryption is handled by the SQLite Encryption Extension, which is likewise a commercial product, that we’ve licensed from the SQLite developers. It’s not available without a license from them.
from couchbase-mobile-tools.
Yes, I understand that enterprise features require a license/money. But it was unclear to me until right now that the enterprise code was closed-source, especially because the enterprise nuget packages are publicly available without prior purchase of a license.
from couchbase-mobile-tools.
That and Couchbase support seemed unaware of the permissions for the couchbase-lite-ee repository, as they directed me to try to find it without pointing me toward licensing.
from couchbase-mobile-tools.
Gotcha, so can we get to the SQLite source code with a Couchbase license? I assume we need that to build cblite in addition to the Couchbase source.
from couchbase-mobile-tools.
There is no way to obtain the SQLite Encryption Extension source code without getting your own license from SQLite.
Sorry, I just now realized that your basic question is how to use the cblite
tool with an encrypted database. The answer is that we should provide a binary of cblite
built with EE. I'll try to make that happen.
from couchbase-mobile-tools.
What platform are you on? I can do a Mac build myself; others I'd need to ask @borrrden.
from couchbase-mobile-tools.
No worries. I'm on Windows, and everyone else on the team who needs cblite will be using Windows as well. If you provide me with a binary, how can we make sure to have the latest EE build for cblite in the future?
from couchbase-mobile-tools.
Okay great. Do you also have instructions for using the EE version that details the differences in the interface? i.e. will I need extra guidance to figure out how to pass an encryption key to cblite to inspect the encrypted database?
from couchbase-mobile-tools.
Good point; I'll document those when we upload a binary. IIRC there's a --password
flag to give the password/key.
from couchbase-mobile-tools.
FYI, we've been using the Couchbase Lite EncryptionKey
constructor that takes a byte array in order to encrypt and decrypt the database. Does the --password
parameter get decoded into a byte array using a particular encoding scheme? If we know that we can convert our encryption keys to strings and use them with cblite.
from couchbase-mobile-tools.
We use the PBKDF2 algorithm to convert a password to a key. That operation isn't reversible.
Currently the tool will try to open the db, then if it detects that it's [probably] encrypted, it will prompt for a password on stdin. I can improve that to support a raw key; the easiest way would be to detect if you've entered 64 hex digits and parse that as a raw key not a password.
from couchbase-mobile-tools.
Oh right, if what you're given really is someone's password, you should hash it in some way.
That enhancement would be great for us; the tool won't really work for our use case if it can't accept a raw key. For better or worse, our design hinges on supplying the database with our own key. However, the keys we've been using are 32 bytes, although switching to 64 wouldn't be the end of the world for us by any means. Would the update you're proposing be flexible enough to detect both 64 and 32 hex digits? Because the Couchbase Lite databases certainly allow a range of key sizes, though I'm not certain what the upper and lower limits are.
from couchbase-mobile-tools.
Right, forgot how hex works. 😢
I see you already made the relevant commit. How do I go about getting the binary from you?
from couchbase-mobile-tools.
Someone else here who has Windows and MSVC will have to build it, most likely @borrrden.
from couchbase-mobile-tools.
Great, just keep me posted.
from couchbase-mobile-tools.
Any updates on the build for this?
from couchbase-mobile-tools.
from couchbase-mobile-tools.
Hello cblite team, would it be possible to get another EE build with the latest features, in particular the lovely "info" command?
from couchbase-mobile-tools.
Is there another way to view the contents of an index, even if that's through the SDK?
from couchbase-mobile-tools.
No. The mechanism for inspecting a SQLite index is kind of ugly, and the SQLite docs warn that it shouldn't be relied on in production, so there is deliberately no public CBL API for it. The cblite
tool is using a private API that was put there for its use only.
Until we release another EE build, you could decrypt a copy of your database, build your own CE cblite
tool, and work with the decrypted db.
from couchbase-mobile-tools.
Ah, that's unfortunate, but obviously not your fault. The database I happen to be inspecting isn't one of our encrypted databases, so I can actually just build the CE cblite
as you say and get that to do what I need for now.
Thanks!
from couchbase-mobile-tools.
Related Issues (20)
- cblite: N1QL parse fails with `AND` after `END` HOT 1
- cblite+query: Error: N1QL syntax error near character HOT 2
- cannot build on Mac OS X (10.14.6/Mojave) HOT 9
- cblite ls Pattern matching is broken HOT 5
- Is there a way to "cblite cp" and filter by channel(s)? HOT 1
- CBL CLI Docs for PULL & PUSH HOT 1
- Windows installer does not open when clicked HOT 1
- CBlite CLI issue with -cacert flag in windows HOT 1
- "cat" displays deleted doc as empty
- Opening encrypted databases 2.8 with cblite HOT 4
- Docs - bubble up Query --explain HOT 2
- cblite - use session tokens for authentication HOT 1
- Compilation of cblite fails HOT 3
- Create indexes Via CLI Tool
- cant do cmake on ubuntu 22.04 HOT 3
- Issue building cblite on Windows 11 with MinGW HOT 1
- Can't run cblite on macOS Ventura HOT 1
- Purge for CBL Tool
- cblite: array_agg does not work HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from couchbase-mobile-tools.