SQLCipher Community Edition is an open source library that provides transparent, full database encryption for SQLite. It is available as source code that can be compiled for Linux and other Unix-like platforms.
Before building SQLCipher from source, ensure the following dependencies are installed on your system:
libcrypto)On Debian and Ubuntu-based systems:
$ sudo apt-get install build-essential libssl-dev tcl-dev
On Red Hat, Fedora, or CentOS-based systems:
$ sudo dnf install gcc make openssl-devel tcl-devel
To get started, clone the SQLCipher source code from GitHub:
$ git clone https://github.com/sqlcipher/sqlcipher.git
$ cd sqlcipher
Building SQLCipher is similar to compiling a regular version of SQLite with a few additional requirements. The build must:
SQLITE_HAS_CODECSQLITE_TEMP_STORE=2 or SQLITE_TEMP_STORE=3 (or use configure’s --with-tempstore=yes option)SQLITE_EXTRA_INIT=sqlcipher_extra_init and SQLITE_EXTRA_SHUTDOWN=sqlcipher_extra_shutdownSQLITE_THREADSAFE to 1 or 2 (enabled automatically by configure)HAVE_STDINT_H (if building outside of the ./configure flow and uint64_t is not available without stdint.h)The following example demonstrates use of OpenSSL, which is a readily available provider on most Linux systems. Note that --with-tempstore=yes sets SQLITE_TEMP_STORE=2 for the build, and SQLITE_THREADSAFE has a default value of 1.
$ ./configure --with-tempstore=yes CFLAGS="-DSQLITE_HAS_CODEC -DSQLITE_EXTRA_INIT=sqlcipher_extra_init -DSQLITE_EXTRA_SHUTDOWN=sqlcipher_extra_shutdown" LDFLAGS="-lcrypto"
$ make
After a successful build, the sqlcipher command line tool will be available. You can use it to create and interact with encrypted databases.
To run the SQLCipher-specific test suite after building:
$ ./configure --with-tempstore=yes --enable-fts5 CFLAGS="-DSQLITE_HAS_CODEC -DSQLITE_EXTRA_INIT=sqlcipher_extra_init -DSQLITE_EXTRA_SHUTDOWN=sqlcipher_extra_shutdown -DSQLCIPHER_TEST" LDFLAGS="-lcrypto"
$ make testfixture
$ ./testfixture test/sqlcipher.test
Once built, you can use the sqlcipher command line tool to create and access encrypted databases:
$ ./sqlcipher demo.db
sqlite> PRAGMA key = 'passphrase';
sqlite> CREATE TABLE t1(a, b);
sqlite> INSERT INTO t1(a, b) VALUES('row one, column one', 'row one, column two');
sqlite> SELECT * FROM t1;
The PRAGMA key command or sqlite3_key() C function must be the first operation performed after opening a database. The passphrase is processed through PBKDF2 key derivation to produce the encryption key. Alternatively, a raw hex key can be used directly to bypass key derivation:
PRAGMA key = "x'2DD29CA851E7B56E4697B0E1F08507293D761A05CE4D1B628663F411A8086D99'";
To change the key on an existing encrypted database:
PRAGMA key = 'current_passphrase';
PRAGMA rekey = 'new_passphrase';
While SQLCipher Community Edition is free for use, the build process can be both difficult and time consuming. Pre-built Commercial Edition packages are available for purchase and include optimized binaries, advanced features, and priority support.