Add encrypted SQLCipher WatermelonDB JSI #1635
Changes:
- add a flag if using encrypted DB
- install openssl if using encrypted db
- add paths to cipher amalgamation based on the flags.
- add openSSL lib
|
@radex I can not seem to run the ios/android tests properly, any chance you help me with it? |
|
Hey guys, Thanks for your great work on this, and thanks for the great library. Is this PR still alive? Is there still interest in Nozbe in adding encryption to the DB? I was able to make something work based on this PR #907, but of course, it does not support JSI. @ororsatti, does your PR work? I just did a test, but it seems that the DB is not getting encrypted (Android). |
I'm using it in several production apps, so yep. |
@ororsatti thank you very much for your valuable help on this. Indeed your PR works as expected. @radex would it be preferable to make it into a separate adapter? Or just as an option to the base SQLite adapter as is with this PR? |
I don't think making it an adapter is the right decision. |
You can think about it like it's a car. |
|
Hey! just wanted to check if this PR is still alive |
I'm still maintaining it from time to time, but I don't think the lib owner merges community PRs...
That's quite sad. Adding encryption definitely is important, if not a requirement nowadays. Then I guess we have to fork 🫡 When I was looking at this library, I was hoping it had some sort of encryption capabilities, but I quickly left it as it came to my understanding that such a thing is probably not coming in the near future for this lib. |
well this PR works, this PR in particular was used by me in production multiple times, and by a few more of the community... you can just use it. the conflicts don't seem that bad tbh |
|
I have tried to use the code in this PR but there are build errors e.g. this seems to be caused by a conflicting sqlite pod in my app, my app also includes other libraries which include sqlite and these could have caused the redefinition error. Does anyone have a solution to this issue? |
Hi, how did you get it to encrypt in android? I haven't tried on IOS since I don't need it there. Android I am able to build but the database is not encrypted. Thanks! |
|
Hi, since securely storing a passphrase (e.g., with Expo SecureStore) requires asynchronous retrieval, how are you handling that with WatermelonDB’s initialization? Given that WatermelonDB is typically initialized at the top level where async/await can’t be used? Thanks |
|
any update on this? |
hm? I had a user private key to work with. Didn't need to store anything? |
:( |
|
@radex Encryption with New Arch and jsi is a must now given encryption at rest is extremely important. Please give us a timeline on this. Using forks is risky |
Based on PR Nozbe#1635 from Nozbe/WatermelonDB:
- Add SQLCipher amalgamation files
- Update native C++ to accept password parameter
- Add iOS SQLCipher support via podspec ($isEncryptedDB flag)
- Add Android SQLCipher support via build.gradle and CMakeLists.txt
- Add passphrase option to SQLiteAdapterOptions
## Summary

This PR adds SQLCipher encryption support to WatermelonDB, enabling encrypted SQLite databases on iOS and Android. Based on Nozbe#1635, merged and refined for our needs.

Key changes:
- New passphrase option in SQLiteAdapter to enable database encryption
- Bundled SQLCipher amalgamation (sqlite3.c/h) for native encryption support
- Automatic plaintext database detection and wipe - when encryption is enabled (passphrase provided) and an existing unencrypted database is detected via isPlaintextSqlite(), the database files are automatically wiped and recreated as encrypted. This prevents encryption errors when switching from plaintext to encrypted mode.
- Optimized plaintext detection - reads only the first 16 bytes of the file to check for SQLite header signature, avoiding full database open
- Fork configuration - updated package name to @pinginc/watermelondb and URLs to pinginc repository for npm publishing

Usage

```
const adapter = new SQLiteAdapter({
  schema,
  passphrase: 'your-encryption-key', // enables SQLCipher encryption
})
```

> [!NOTE]
>
> When passphrase is provided and the existing database is unencrypted (plaintext), the database will be automatically wiped (deleted and recreated). This happens because SQLCipher cannot open a plaintext database with encryption enabled. Added to avoid crash errors. Ensure you handle data migration or backup before enabling encryption on an existing unencrypted database.

## Checklist

- [x] I have updated the summary to explain what's changed.
- [x] I have added unit and integration tests to cover the new functionality.
- [x] I have followed the [PR Guidelines](https://timebyping.atlassian.net/wiki/spaces/TECH/pages/1629126657/Pull+Request+PR+Guidelines).

---------

Co-authored-by: Jin Soo Lim <jinsoo601@gmail.com>
|
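The 16-byte header check described in the commit message above, as an added example (not code from this PR or from the fork): it classifies a database file by its first 16 bytes, which is also a quick way to confirm whether a file copied off a device is still plaintext. The function names and the returned action strings are hypothetical, and the sample headers are constructed.

```javascript
// Added example; names and action strings are hypothetical.
const SQLITE_MAGIC = 'SQLite format 3\u0000'; // standard 16-byte SQLite header string
const HEADER_LEN = 16;

// Pure classifier over the leading bytes of a file (Uint8Array or Buffer).
function classifyHeader(bytes) {
  if (bytes.length === 0) return 'empty';             // file not created yet
  if (bytes.length < HEADER_LEN) return 'truncated';  // too short to decide
  for (let i = 0; i < HEADER_LEN; i++) {
    if (bytes[i] !== SQLITE_MAGIC.charCodeAt(i)) return 'not-plaintext';
  }
  return 'plaintext';
}

// Decide what an open should do with an existing file. 'wipe-and-recreate'
// mirrors the behaviour the commit message describes; a caller that wants to
// keep the data would export it before acting on that result.
function planOpen(bytes, passphraseProvided) {
  const kind = classifyHeader(bytes);
  if (kind === 'truncated') return 'refuse';
  if (kind === 'empty') return 'create';
  if (passphraseProvided) {
    return kind === 'plaintext' ? 'wipe-and-recreate' : 'open-with-key';
  }
  return kind === 'plaintext' ? 'open-plain' : 'refuse';
}

// Reads only the first 16 bytes of the file at `path` (Node.js).
async function readHeader(path) {
  const { open } = await import('node:fs/promises');
  const fh = await open(path, 'r');
  try {
    const { bytesRead, buffer } = await fh.read(Buffer.alloc(HEADER_LEN), 0, HEADER_LEN, 0);
    return buffer.subarray(0, bytesRead);
  } finally {
    await fh.close();
  }
}

// Constructed sample headers (not taken from any real database).
const plainSample = new TextEncoder().encode(SQLITE_MAGIC + 'rest-of-page');
const opaqueSample = Uint8Array.from({ length: 32 }, (_, i) => (i * 37 + 11) & 0xff);
```

A `not-plaintext` result only shows that the file does not start with the standard SQLite header; it does not prove the file is a valid SQLCipher database or that a given key opens it.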
Hi, friend, I installed your package, but for some reason encryption isn't working. I set the isEncryptedDB variable to true, and I also saw encryptedDB in the code, which was also set to true. What could be the problem? How can I find the problem? Thank you very much for your work. @ororsatti |
Hello bud, I do not know exactly what's going on on your side, nor can I debug this remotely. I used to try and maintain this PR but since there seems to be no interest from the maintainers in this PR, I'm not going to invest any more time trying to keep it alive. Very much sorry, |
|
@radex Can you please look into @ororsatti 's PR ... This feature (Encryption) is very important especially when considering Offline first db |
ideally I'd like to avoid adding to the non-JSI version since it's going to be less and less supported as we progress with JSI in RN.
TODO: