3.0 Encrypted Databases

An enhanced version of SQLite is available (for both versions 2.8 and 3.3) that encrypts its database files to help prevent unauthorized access or modification. The entire database file is encrypted2. To an outside observer, the database file appears to contain white noise. There is nothing2 that identifies the file as an SQLite database.

The enhanced SQLite with encryption support can continue to read and write ordinary unencrypted databases without any performance penalty. You can use the ATTACH SQL command to attach an encrypted database to an unencrypted database or to attach an unencrypted database to an encrypted one. The password to a database can be changed at any time, though doing so is an expensive operation roughly comparable to VACUUM.

The encryption extension descrypts each page of data as it is read from the disk and reencrypts it as modified versions are written back to the disk. But the primary database file and the rollback journal are encrypted. A very fast encryption algorithm is used, but even so it takes time to do all of that encryption and decryption. So when encryption is enabled, there is about a 50% performance loss.

The encrypted database enhancements for SQLite are available in source-code form for a one-time licensing fee of $2000 (US). A technical support contract is also recommended but is not required. There are no per-copy royalties. The one-time fee entitles the licensee to free copies of all future updates to the code. You can purchase a perpetual license to the SQLite Encryption Extension online or call 1.704.948.4565 or write to sqlite_sales@hwaci.com for additional information.