1- == SQLite Cipher ==
1+ == SQLCipher ==
22
3- SQLite Cipher is an SQLite extension that provides transparent 256 bit AES encryption of database files.
4- Pages are encrypted before being written to disk and are decrypted when read back.
3+ SQLCipher is an SQLite extension that provides transparent 256-bit AES encryption of
4+ database files. Pages are encrypted before being written to disk and are decrypted
5+ when read back. Due to the small footprint and great performance it’s ideal for
6+ protecting embedded application databases and is well suited for mobile development.
57
6- Encryption is provided by the OpenSSL crypto library.
8+ The official SQLCipher software site is http://sqlcipher.net
79
8- SQLite Cipher was initially developed by Stephen Lombardo at Zetetic LLC (sjlombardo@zetetic.net) to provide
9- the encrypted database layer for Strip, an iPhone data vault and password manager ( http://www.zetetic.net/products/strip ).
10+ SQLCipher was initially developed by Stephen Lombardo at Zetetic LLC
11+ (sjlombardo@zetetic.net) as the encrypted database layer for Strip,
12+ an iPhone data vault and password manager (http://getstrip.com).
1013
11- The official SQLCipher software site can be found at http://www.zetetic.net/software/sqlcipher
14+ [Features]
1215
13- Issues or support questions on using SQLCipher should be entered into the GitHub Issue tracker:
14-
15- http://github.com/sjlombardo/sqlcipher/issues
16-
17- Please DO NOT post issues, support questions, or other problems to blog posts about SQLCipher as we do not monitor them frequently.
18-
19- If you are using SQLCipher in your own software please let us know at support@zetetic.net!
16+ - Fast performance with as little as 5-15% overhead for encryption on many operations
17+ - 100% of data in the database file is encrypted
18+ - Good security practices (CBC mode, key derivation)
19+ - Zero-configuration and application level cryptography
20+ - Algorithms provided by the peer reviewed OpenSSL crypto library.
2021
2122[Compiling]
2223
23- Building SQLite Cipher is almost the same as compiling a regular version of SQLite with three small exceptions:
24+ Building SQLCipher is almost the same as compiling a regular version of
25+ SQLite with two small exceptions:
2426
25- 1. building via 'amalgamation' isn't supported (where all sqlite source is merged into one file)
26- 2. you must define SQLITE_HAS_CODEC and SQLITE_TEMP_STORE=2 in your application when including SQLCipher
27- 3. You need to link against a OpenSSL's libcrypto with sha256 support compiled in
27+ 1. You must define SQLITE_HAS_CODEC and SQLITE_TEMP_STORE=2 when building sqlcipher
28+ 2. You need to link against a OpenSSL's libcrypto
2829
2930Example Static linking (replace /opt/local/lib with the path to libcrypto.a)
3031
31- ./configure --enable-tempstore=yes CFLAGS="-DSQLITE_HAS_CODEC" LDFLAGS="/opt/local/lib/libcrypto.a"
32- make
32+ $ ./configure --enable-tempstore=yes CFLAGS="-DSQLITE_HAS_CODEC" \
33+ LDFLAGS="/opt/local/lib/libcrypto.a"
34+ $ make
3335
3436Example Dynamic linking
3537
36- ./configure --enable-tempstore=yes CFLAGS="-DSQLITE_HAS_CODEC" LDFLAGS="-lcrypto"
37- make
38+ $ ./configure --enable-tempstore=yes CFLAGS="-DSQLITE_HAS_CODEC" \
39+ LDFLAGS="-lcrypto"
40+ $ make
3841
3942[Encrypting a database]
4043
41- To specify an encryption passphrase for the database you can use a pragma. The passphrase
42- you enter is hashed using sha256 and the result is used as the encryption key for the
43- database.
44+ To specify an encryption passphrase for the database via the SQL interface you
45+ use a pragma. The passphrase you enter is passed through PBKDF2 key derivation to
46+ obtain the encryption key for the database
4447
4548 PRAGMA key = 'passphrase';
4649
4750Alternately, you can specify an exact byte sequence using a blob literal. If you
4851use this method it is your responsibility to ensure that the data you provide a
495264 character hex string, which will be converted directly to 32 bytes (256 bits) of
50- key data.
53+ key data without key derivation .
5154
5255 PRAGMA key = "x'2DD29CA851E7B56E4697B0E1F08507293D761A05CE4D1B628663F411A8086D99'";
5356
54- To encrypt a database programatically you can use the sqlite3_key function. The data provided
55- in pKey is converted to an encryption key according to the same rules as PRAGMA key.
57+ To encrypt a database programatically you can use the sqlite3_key function.
58+ The data provided in pKey is converted to an encryption key according to the
59+ same rules as PRAGMA key.
60+
5661
5762 int sqlite3_key(sqlite3 *db, const void *pKey, int nKey);
5863
5964PRAGMA key or sqlite3_key should be called as the first operation when a database is open.
6065
6166[Changing a database key]
6267
63- To change the encryption passphrase for an existing database you should use the rekey pragma
68+ To change the encryption passphrase for an existing database you may use the rekey pragma
6469after you've supplied the correct database password;
6570
6671 PRAGMA key = 'passphrase'; -- start with the existing database passphrase
67- PRAGMA rekey = 'new-passphrase'; -- rekey will reencrypt the database with the new passphrase
72+ PRAGMA rekey = 'new-passphrase'; -- rekey will reencrypt with the new passphrase
6873
6974The hexrekey pragma may be used to rekey to a specific binary value
7075
@@ -74,12 +79,22 @@ This can be accomplished programtically by using sqlite3_rekey;
7479
7580 sqlite3_rekey(sqlite3 *db, const void *pKey, int nKey)
7681
77- [Encrypting a standard database]
82+ [Support]
83+
84+ The primary avenue for support and discussions is the SQLCipher users mailing list:
85+
86+ http://groups.google.com/group/sqlcipher
87+
88+ Issues or support questions on using SQLCipher should be entered into the
89+ GitHub Issue tracker:
90+
91+ http://github.com/sjlombardo/sqlcipher/issues
92+
93+ Please DO NOT post issues, support questions, or other problems to blog
94+ posts about SQLCipher as we do not monitor them frequently.
7895
79- Encrypting a standard, plaintext SQLite database is not supported at this time. We are currently
80- working on a resolution to the problem. In the mean time it is easiest to start out with an
81- encrypted database if possible. Alternately it should be possible to open a standard database,
82- ATTACH an encrypted DB, and then copy your tables and data between the two.
96+ If you are using SQLCipher in your own software please let us know at
97+ support@zetetic.net!
8398
8499[License]
85100
@@ -108,7 +123,7 @@ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
108123(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
109124SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
110125
111- == End SQLite Cipher ==
126+ == End SQLCipher ==
112127
113128This directory contains source code to
114129
0 commit comments