Transparent SQLite Encryption.
SQLCipher provides you with a fully encrypted SQLite database. It's fast, especially with transactions and indexes; you will generally see only a 5% performance hit. No unencrypted data is written to disk; SQLite's page caching allows decrypted pages to be stored in memory.
SQLCipher relies on the peer-reviewed OpenSSL library for several encryption requirements, including the AES-256 algorithm, pseudo-random number generation, and PBKDF2 key derivation.
Building SQLCipher is almost the same as compiling a regular version of SQLite with two small exceptions:
1. You must define SQLITE_HAS_CODEC
2. You need to link against OpenSSL's libcrypto with sha256 support compiled in
Compiling with static linking (replace /opt/local/lib with the path to libcrypto.a):
./configure CFLAGS="-DSQLITE_HAS_CODEC" LDFLAGS="/opt/local/lib/libcrypto.a"
make
Compiling with dynamic linking:
./configure CFLAGS="-DSQLITE_HAS_CODEC -lcrypto"
make
To specify an encryption passphrase for the database you can use a pragma. The passphrase you enter is hashed using sha256 and the result is used as the encryption key for the database.
PRAGMA key = 'passphrase';
Alternatively, you can specify an exact byte sequence using a blob literal. If you use this method, it is your responsibility to ensure that the data you provide is a 64-character hex string, which will be converted directly to 32 bytes (256 bits) of key data.
PRAGMA key = "x'2DD29CA851E7B56E4697B0E1F08507293D761A05CE4D1B628663F411A8086D99'";
To re-key a database, use PRAGMA rekey:
PRAGMA rekey = 'newpassphrase';
To encrypt a database programmatically, you can use the sqlite3_key function. The data provided in pKey is converted to an encryption key according to the same rules as PRAGMA key.
int sqlite3_key(sqlite3 *db, const void *pKey, int nKey);
PRAGMA key or sqlite3_key should be called as the first operation after a database is opened.
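The 64-character requirement for the raw-key form of PRAGMA key can be checked in application code before the statement is sent to the database. The following is an added example, not code from SQLCipher or from the original page; the helper names are hypothetical and the sample key in main() is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define RAW_KEY_BYTES 32
#define RAW_KEY_HEX   (2 * RAW_KEY_BYTES)   /* 64 hex characters */

/* Hypothetical helper: returns 1 only if s is exactly x'<64 hex chars>'. */
int is_valid_raw_key_literal(const char *s)
{
    size_t i;
    if (s == NULL || strlen(s) != RAW_KEY_HEX + 3)
        return 0;                    /* too short, too long, or missing */
    if (s[0] != 'x' || s[1] != '\'' || s[RAW_KEY_HEX + 2] != '\'')
        return 0;                    /* not wrapped as x'...' */
    for (i = 0; i < RAW_KEY_HEX; i++)
        if (!isxdigit((unsigned char)s[2 + i]))
            return 0;                /* non-hex character in the key */
    return 1;
}

/* Hypothetical helper: writes PRAGMA key = "x'<hex>'"; for a 32-byte key.
   Returns 0 on success, -1 if the output buffer is missing or too small. */
int format_raw_key_pragma(const unsigned char key[RAW_KEY_BYTES],
                          char *out, size_t outlen)
{
    static const char hex[] = "0123456789ABCDEF";
    static const char prefix[] = "PRAGMA key = \"x'";
    static const char suffix[] = "'\";";
    size_t i, pos = sizeof(prefix) - 1;
    if (out == NULL || outlen < pos + RAW_KEY_HEX + sizeof(suffix))
        return -1;
    memcpy(out, prefix, pos);
    for (i = 0; i < RAW_KEY_BYTES; i++) {
        out[pos++] = hex[key[i] >> 4];
        out[pos++] = hex[key[i] & 0x0F];
    }
    memcpy(out + pos, suffix, sizeof(suffix));   /* copies the NUL too */
    return 0;
}

int main(void)
{
    /* Constructed sample key (0x00..0x1F); real keys must come from a CSPRNG. */
    unsigned char key[RAW_KEY_BYTES];
    char stmt[128];
    int i;
    for (i = 0; i < RAW_KEY_BYTES; i++) key[i] = (unsigned char)i;
    if (format_raw_key_pragma(key, stmt, sizeof stmt) == 0) puts(stmt);
    return 0;
}
```

Rejecting a malformed literal up front avoids handing the database a key string of the wrong length or with non-hex characters.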
What's new in SQLCipher 1.1.8:
- This release fixes a bug that could cause SQLCipher to report an error opening a valid database when a specific section of the encrypted header contained certain values.
- It is strongly recommended that all users upgrade to the latest version.
- The new SQLCipher version should be a drop-in replacement for previous releases.
SQLCipher 1.1.8
- runs on: Linux
- main category: Security