The SQLCipher database provider allows one to connect to a database encrypted using the SQLCipher adaptations to the SQLite database. This section deals about how to manage the passphrase associated with a database file, please also consult the information provided by SQLCipher before attempting to use this database provider.
The first noticeable point is that any SQLite database file can be opened using the SQLCipher and will remain useable with the "standard" SQLite provider as long as it's not explicitely encrypted using a passphrase.
To create an encrypted database, you can use the gda-sql and when prompted enter the requested passphrase, as:
prompt> gda-sql-5.0 "SQLCipher://DB_NAME=testcrypt" Welcome to the GDA SQL console, version 5.1.0 Type: .copyright to show usage and distribution terms .? for help with internal commands .q (or CTRL-D) to quit (the '.' can be replaced by a '\') or any query terminated by a semicolon Opening connection 'c0' for: SQLCipher://DB_NAME=testcrypt Password for 'c0':
To encrypt an existing (SQLite) database, connect to the plaintext database using the SQLCipher provider and execute the following SQL commands (replace the passphrase with the requested passphrase):
ATTACH DATABASE 'encrypted.db' AS encrypted KEY 'passphrase'; SELECT sqlcipher_export('encrypted'); DETACH DATABASE encrypted;
This step prevents opening the database file by the "standard" SQLite provider.
To change an encrypted database's passphrase, open a connection to the database and enter the following SQL command (replace the passphrase with the requested new passphrase):
PRAGMA rekey = 'passphrase';
To decrypt an existing encrypted database, connect to the database using the SQLCipher provider and execute the following SQL commands (replace the passphrase with the requested passphrase):
ATTACH DATABASE 'plaintext.db' AS plaintext KEY ''; SELECT sqlcipher_export('plaintext'); DETACH DATABASE plaintext;
This step allows opening the database file by the "standard" SQLite provider.
Also refer to the SQLite's provider's notes, and SQLCipher provider's limitations.