1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
# name: test/sql/attach/attach_encryption_downgrade_prevention.test
# description: Ensure crypto cipher can not be downgraded to strip integrity checks
# group: [attach]
load __TEST_DIR__/tmp.db
require httpfs
# This is unsafe: an attacker could manipulate
statement error
ATTACH 'data/attach_test/encrypted_ctr_key=abcde.db' as enc (ENCRYPTION_KEY 'abcde');
----
explicitly specifying the encryption cipher
# For CTR we need to specify the cipher to ensure we don't accidentally downgrade the cipher
statement ok
ATTACH 'data/attach_test/encrypted_ctr_key=abcde.db' as enc1 (ENCRYPTION_KEY 'abcde', ENCRYPTION_CIPHER 'CTR');
# For GCM this is no problem
statement ok
ATTACH 'data/attach_test/encrypted_gcm_key=abcde.db' as enc2 (ENCRYPTION_KEY 'abcde');
|
