SQLite database encryption

 

SQLite is an in-process library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine. By default SQLite open-source database engine does not provide any encryption mechanism.

The encryption module available for purchase here ciphers SQLite database contents using AES 256-bit key algorithm. Each page is encrypted or decrypted on the fly using a combination of the master key/password and page number. The encryption/decryption is done automatically by the SQLite database engine as soon as encryption is enabled.

The source code available for purchase is written in C language and can be compiled using GNU C Compiler.

The encryption module does not require any external libraries, has been developed in C language and is guaranteed to work with:

  • SQLite open-source database version 3.20 - 3.23
  • Linux based OS distribution such as Ubuntu
  • PHP 7.x with SQLite support enabled

The module supports hardware AES instruction set, which provides robust performance taking advantage of processors' native encryption procedures.
Please note not all processors have built-in support for AES encryption. Please refer to your processor's manufacturer documentation for details. On a Linux platform this can be quickly checked by executing the following command:

grep -o aes /proc/cpuinfo
Using CPU hardware encryption support is highly recommended, sample test results are as follows:

os:           Ubuntu 16.04 LTS
cpu:          4 x Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
ram:          6GB
aes test:     {16 byte block encryption using 128 bit key (16 bytes)} x 1024000 times
results:      AES-NI	0.058057
              AES       4.766724
              hardware AES-NI 82.104208 times faster than software AES

The encryption module is known to work well with other systems and software packages, however we do not guarantee and support such solutions. We provide only the source code, which has to be compiled in order to work. We do not compile the source code and for this reason support for this product is limited.

SQLite open-source database license

SQLite is in the Public Domain. Please see SQLite licensing terms here.
All of the code and documentation in SQLite has been dedicated to the public domain by the authors. All code authors, and representatives of the companies they work for, have signed affidavits dedicating their contributions to the public domain and originals of those signed affidavits are stored in a firesafe at the main offices of Hwaci. Anyone is free to copy, modify, publish, use, compile, sell, or distribute the original SQLite code, either in source code form or as a compiled binary, for any purpose, commercial or non-commercial, and by any means.

SQLite database encryption module license

The SQLite encryption module offered for purchase here is not in the Public Domain.
The source code license is not limited for non commercial use and:

  • YOU MAY use the encryption module for your PERSONAL and COMMERCIAL solutions
  • YOU MAY MODIFY the source code for your own purposes, for example add other encryption algorithms
  • YOU MAY NOT resell the source code or its modified version

C language:

				
sqlite3 *db;
int rc;
/* Open database file test.db */
rc = sqlite3_open("test.db", &db);

if(rc){
	fprintf(stderr, "Error opening database: %s\n", sqlite3_errmsg(db));
	return(0);
} else {
	fprintf(stdout, "Opened database successfully\n");
}

/* encryption password is "abc", password length is 3 chars */
sqlite3_key(db, "abc", 3);


/* ... do something here ... */


/* change the encryption key to "abcd"  */
/* all pages will be re-encrypted */

rc = sqlite3_rekey(db, "abcd", 4);

/* "abcd" is now the database password, password length is 4 chars */

/* close database */
sqlite3_close(db);
				
				

PHP (compiling PHP with SQLite support and the encryption module required):
								
<?php

class MyDB extends SQLite3
{
	function __construct()
	{
		/* encryption key/password is "abc"  */
		$this->open('mysqlitedb.db', SQLITE3_OPEN_READWRITE, 'abc');
	}
}

$db = new MyDB();

$db->exec('CREATE TABLE foo (bar STRING)');
$db->exec("INSERT INTO foo (bar) VALUES ('This is a test')");

$result = $db->query('SELECT bar FROM foo');
var_dump($result->fetchArray());

?>				
				
				

Answer

Yes, you may. You may even modify it for your own purposes, however you may not resell it.

Answer

You will be able to download compressed package (gzip) with the following files:
- SQLite database ver. 3.23
- SQLite encryption module ver. 1.01
- GNU Make file and additional files (license, help, etc.)
Please note you will have to compile the source files yourself.

Answer

Yes, it is. You can use the encryption module available for purchase here with the SQLite Public Domain License.

You are welcomed to write your own encryption layer. SQLite is completely free and you can do whatever you like with it.

Dr Richard Hipp ,April 21, 2018

Answer

The license is perpetual only for the specific version of the module you purchase. If a new version is published, a new license will be required.

Answer

EU GDPR regulations require personal data to be protected. The encryption module has built-in AES 256 bit encryption and is suitable for GDPR purposes.

Answer

You need the GNU C Compiler. It is available for free.

Please note we offer limited support for this product. Our support is limited to the following cases:

  • compiling original, not modified source files
  • compiling original, not modified source files with PHP 7 on Ubuntu Linux OS