Comment by TheRealPomax
5 years ago
I'm not sure how slqite as your application file format has anything to do with open source, honestly. It's certainly super easy for open source projects to use, but a closed source proprietary application using an encrypted sqlite file sounds perfectly sensible to me?
We all win when folks decide to leave it accessible, but I'm not going to hold "encrypting a file format so that people can't easily reverse engineer it" against folks who are trying to sell software.
It looks like the actual library to read/write an encrypted SQLite DB is licensed separately from the open source SQLite[1], so even if you have the encryption key, you can't access the encrypted format:
1: https://www.sqlite.org/see/doc/release/www/readme.wiki
> I'm not going to hold "encrypting a file format so that people can't easily reverse engineer it" against folks who are trying to sell software.
I think I'd mostly disagree. Selling an application is one thing, but the data itself is usually customers' and holding their data hostage is not a proper thing to do.
That's a tenuous argument at best, heavily relying on the application in question not offering any way to export your data, which many applications do come with. Just because the file format is locked, doesn't mean the data in it is locked. You just need the application to unlock it.
This is self contradictory.
Listen to what you're saying: the data isn't locked, you just need the... application, to... unlock it.
That's beyond tenuous, it's invalid.
2 replies →
I guess he/she meant that the extension that encrypts the database is proprietary. I believe that was the only option for a while but now there is an open source alternative.
Is the open-source alternative bidirectionally interoperable with the closed-source version (i.e. it can decrypt the proprietary encryption and the proprietary version can decrypt the FOSS version)? If so, then that's handy.
The "officially blessed" (my wording) encryption for SQLite is SEE (proprietary):
https://www.sqlite.org/see/doc/release/www/index.wiki
There are third party encryption approaches for SQLite. One of the most popular is SQLCipher:
https://github.com/sqlcipher/sqlcipher/
Those two don't have compatible file formats. eg no interoperability
Not sure if any others do, but yeah it would be handy if there are.