How is encryption implemented?


#1

Hi

I’m analyzing the security of an application that uses Couchbase Lite, so i would like to know as much as possible about the database encryption.

I see that it used to be implemented with SQLCipher. Is this still the case? If not, it would be nice to know, for example, if each database page is encrypted individually, how the key is derived from the password, if the entire database file appears to contain random data. I would be very helpful to have some information at the same level of detail as SQLCipher has on: https://www.zetetic.net/sqlcipher/design/


#2

Couchbase Lite uses SQLCipher in 1.x releases, and 2.x releases uses SEE (SQLite Encryption Extension). You can find SEE documentation here:
https://www.sqlite.org/see/doc/trunk/www/readme.wiki

In the Docs section on Couchbase website, if you navigate to Couchbase Lite 2.1, and pick any language you use, and search Database Encryption, you will get implementation examples.
https://docs.couchbase.com/couchbase-lite/2.1/java.html

Database encryption is an Enterprise Edition feature of Couchbase Lite.


#3

This post was flagged by the community and is temporarily hidden.


#4

There is a section in the Couchbase Server 6.0 documentation talks about on-disk data encryption, here is the link:
https://docs.couchbase.com/server/6.0/manage/manage-security/manage-connections-and-disks.html#protecting-physical-media