mirror of
https://github.com/aljazceru/turso.git
synced 2025-12-26 12:34:22 +01:00
This patch adds support for per page encryption. The code is of alpha quality and was written to test my hypothesis. All the encryption code is gated behind an `encryption` flag. To play with it, you can do:

```sh
cargo run --features encryption -- database.db
turso> PRAGMA key='turso_test_encryption_key_123456';
turso> CREATE TABLE t(v);
```

Right now, most stuff is hard coded. We use AES GCM 256. This information is not stored anywhere, but in future versions we will start saving this info in the file.

When writing to disk, we will generate a cryptographically secure random salt and use that to encrypt the page. Then we will store the authentication tag and the salt in the page itself. To accommodate this, the encryption hardcodes a reserved space of 28 bytes.

Once the key is set in the connection, we propagate that information to the pager and the WAL, to encrypt / decrypt when reading from disk.

Reviewed-by: Jussi Saurio <jussi.saurio@gmail.com>

Closes #2567
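The page layout the commit message describes, as an added Python sketch using the `cryptography` package (not code from the turso repository): each page keeps 28 trailing bytes for the per-write random value and the AES-256-GCM authentication tag. Assumptions of this example: a 4096-byte page, a 12-byte nonce plus 16-byte tag split of the 28 bytes, the 32-byte key string used directly as the AES key, and the page number bound as associated data, which the commit message does not mention.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

PAGE_SIZE = 4096                  # assumed page size
NONCE_LEN = 12                    # assumed split of the reserved bytes
TAG_LEN = 16                      # AES-GCM tag length
RESERVED = NONCE_LEN + TAG_LEN    # 28 bytes, as stated in the commit message
USABLE = PAGE_SIZE - RESERVED     # bytes left for page content


def _aad(page_no: int) -> bytes:
    # Assumption of this example: binding the page number as associated
    # data makes a ciphertext page invalid if moved to another slot.
    return page_no.to_bytes(8, "big")


def encrypt_page(key: bytes, page_no: int, plaintext: bytes) -> bytes:
    """Return a full on-disk page: ciphertext || nonce || tag."""
    if len(plaintext) != USABLE:
        raise ValueError(f"page content must be {USABLE} bytes")
    nonce = os.urandom(NONCE_LEN)             # fresh random value per write
    sealed = AESGCM(key).encrypt(nonce, plaintext, _aad(page_no))
    ciphertext, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    return ciphertext + nonce + tag


def decrypt_page(key: bytes, page_no: int, page: bytes) -> bytes:
    """Verify the tag and return the page content; raises InvalidTag."""
    if len(page) != PAGE_SIZE:
        raise ValueError(f"on-disk page must be {PAGE_SIZE} bytes")
    ciphertext = page[:USABLE]
    nonce = page[USABLE:USABLE + NONCE_LEN]
    tag = page[USABLE + NONCE_LEN:]
    return AESGCM(key).decrypt(nonce, ciphertext + tag, _aad(page_no))


def is_authentic(key: bytes, page_no: int, page: bytes) -> bool:
    """True if the page decrypts and authenticates for this page number."""
    try:
        decrypt_page(key, page_no, page)
        return True
    except InvalidTag:
        return False
```

Because the nonce is random per write, rewriting identical content produces a different on-disk page each time, and any modified byte in the ciphertext, nonce or tag region fails authentication on read.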