For SQLCipher: GNOME Data Access 5 manual

For SQLCipher

The SQLCipher database provider allows one to connect to a database encrypted using the SQLCipher adaptations to the SQLite database. This section deals about how to manage the passphrase associated with a database file, please also consult the information provided by SQLCipher before attempting to use this database provider.

The first noticeable point is that any SQLite database file can be opened using the SQLCipher and will remain useable with the "standard" SQLite provider as long as it's not explicitely encrypted using a passphrase.

How to create and encrypted database

To create an encrypted database, you can use the gda-sql and when prompted enter the requested passphrase, as:

prompt> gda-sql-5.0 "SQLCipher://DB_NAME=testcrypt"
Welcome to the GDA SQL console, version 5.1.0

Type: .copyright to show usage and distribution terms
      .? for help with internal commands
      .q (or CTRL-D) to quit
      (the '.' can be replaced by a '\')
      or any query terminated by a semicolon

Opening connection 'c0' for: SQLCipher://DB_NAME=testcrypt
	Password for 'c0':

How to encrypt an existing plaintext database to an encrypted database file

To encrypt an existing (SQLite) database, connect to the plaintext database using the SQLCipher provider and execute the following SQL commands (replace the passphrase with the requested passphrase):

ATTACH DATABASE 'encrypted.db' AS encrypted KEY 'passphrase';
SELECT sqlcipher_export('encrypted');
DETACH DATABASE encrypted;

This step prevents opening the database file by the "standard" SQLite provider.

How to change the passphrase of an encrypted database

To change an encrypted database's passphrase, open a connection to the database and enter the following SQL command (replace the passphrase with the requested new passphrase):

PRAGMA rekey = 'passphrase';

How to decrypt an existing database to a plaintext database

To decrypt an existing encrypted database, connect to the database using the SQLCipher provider and execute the following SQL commands (replace the passphrase with the requested passphrase):

ATTACH DATABASE 'plaintext.db' AS plaintext KEY '';
SELECT sqlcipher_export('plaintext');
DETACH DATABASE plaintext;

This step allows opening the database file by the "standard" SQLite provider.

Also refer to the SQLite's provider's notes, and SQLCipher provider's limitations.