Skip to content

Commit c8f4309

Browse files
sjlombardosjlombardo
committed
Update README to reflect current build options, hex key pragmas, and rekey functionality
1 parent 59ef6e1 commit c8f4309

File tree

1 file changed

+23
-5
lines changed

1 file changed

+23
-5
lines changed

README

Lines changed: 23 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -19,12 +19,12 @@ Building SQLite Cipher is almost the same as compiling a regular version of SQLi
1919

2020
Example Static linking (replace /opt/local/lib with the path to libcrypto.a)
2121

22-
./configure --disable-amalgamation CFLAGS="-DSQLITE_HAS_CODEC" LDFLAGS="/opt/local/lib/libcrypto.a"
22+
./configure CFLAGS="-DSQLITE_HAS_CODEC" LDFLAGS="/opt/local/lib/libcrypto.a"
2323
make
2424

2525
Example Dynamic linking
2626

27-
./configure --disable-amalgamation CFLAGS="-DSQLITE_HAS_CODEC -lcrypto"
27+
./configure CFLAGS="-DSQLITE_HAS_CODEC -lcrypto"
2828
make
2929

3030
[Encrypting a database]
@@ -40,7 +40,7 @@ use this method it is your responsibility to ensure that the data you provide a
4040
64 character hex string, which will be converted directly to 32 bytes (256 bits) of
4141
key data.
4242

43-
PRAGMA key = "x'2DD29CA851E7B56E4697B0E1F08507293D761A05CE4D1B628663F411A8086D99'";
43+
PRAGMA hexkey = '2DD29CA851E7B56E4697B0E1F08507293D761A05CE4D1B628663F411A8086D99';
4444

4545
To encrypt a database programatically you can use the sqlite3_key function. The data provided
4646
in pKey is converted to an encryption key according to the same rules as PRAGMA key.
@@ -49,8 +49,26 @@ in pKey is converted to an encryption key according to the same rules as PRAGMA
4949

5050
PRAGMA key or sqlite3_key should be called as the first operation when a database is open.
5151

52-
Note: It is not currently possible to change the encryption key once a database is created. We're
53-
working on implementing rekey functionality.
52+
[Changing a database key]
53+
54+
To change the encryption passphrase for an existing database you should use the rekey pragma
55+
after you've supplied the correct database password;
56+
57+
PRAGMA key = 'passphrase'; -- start with the existing database passphrase
58+
PRAGMA rekey = 'new-passphrase'; -- rekey will reencrypt the database with the new passphrase
59+
60+
The hexrekey pragma may be used to rekey to a specific binary value
61+
62+
PRAGMA hexrekey = '2DD29CA851E7B56E4697B0E1F08507293D761A05CE4D1B628663F411A8086D99';
63+
64+
This can be accomplished programtically by using sqlite3_rekey;
65+
66+
sqlite3_rekey(sqlite3 *db, const void *pKey, int nKey)
67+
68+
[Encrypting a standard database]
69+
70+
To encrypt a standard (non-enrypted) database file, use the rekey methods described above, but
71+
don't provide an initial key..
5472

5573
[License]
5674

0 commit comments

Comments
 (0)