[Botan-devel] SQLite3 encryption codec with Botan

Mr Diggilin mr.diggilin at gmail.com
Tue Apr 21 21:37:02 EDT 2009


> > It makes things easier, otherwise I'd have to generate two mac keys
> > (one for read, one write) even though they are only going one way.
> 
> Could you explain this? I don't really understand why you would need
> two keys in this usage.

A codec has a readKey and a writeKey. On creation, and usually, they are
both identical. However, during a rekey operation (which can either mean
encryption of an unencrypted DB, unencryption of an encrypted db, or the
changing of the key for an encrypted db), they will be different.
So, in order to have a separate mac key, and ensure that the same IV
gets generated for the same key, etc. I'd need to create a mac key to
mirror the currently used key... which, I think, is a tad ugly.
Thanks again for your assistance,
-Oli D




More information about the botan-devel mailing list