== SQLite Cipher ==

[Compiling]

Building SQLite Cipher is almost the same as compiling a regular version of SQLite with three small exceptions:

1. building via 'amalgamation' isn't supported (where all sqlite source is merged into one file)

2. you must define SQLITE_HAS_CODEC

3. You need to link against a OpenSSL's libcrypto with sha256 support compiled in

Example Static linking (replace /opt/local/lib with the path to libcrypto.a)

./configure --disable-amalgamation CFLAGS="-DSQLITE_HAS_CODEC" LDFLAGS="/opt/local/lib/libcrypto.a"

make

Example Dynamic linking

./configure --disable-amalgamation CFLAGS="-DSQLITE_HAS_CODEC -lcrypto"

make

[Encrypting a database]

To specify an encryption passphrase for the database you can use a pragma. The passphrase

you enter is hashed using sha256 and the result is used as the encryption key for the

database.

PRAGMA key = 'passphrase';

Alternately, you can specify an exact byte sequence using a blob literal. If you

use this method it is your responsibility to ensure that the data you provide a

64 character hex string, which will be converted directly to 32 bytes (256 bits) of

key data.

PRAGMA key = "x'2DD29CA851E7B56E4697B0E1F08507293D761A05CE4D1B628663F411A8086D99'";

To encrypt a database programatically you can use the sqlite3_key function. The data provided

in pKey is converted to an encryption key according to the same rules as PRAGMA key.

int sqlite3_key(sqlite3 *db, const void *pKey, int nKey);

PRAGMA key or sqlite3_key should be called as the first operation when a database is open.

Note: It is not currently possible to change the encryption key once a database is created. We're

working on implementing rekey functionality.

[License]

== End SQLite Cipher ==