Database Encryption - ODBC Driver for SQLite

How SQLite Database Encryption Works

The SQLite database engine provides the ability to work with encrypted databases. The SQLite client library performs low-level encryption and decryption on the fly: database files are encrypted or decrypted during read/write operations. These operations are completely transparent to the applications accessing the database. However, the official SQLite client library doesn't support encrypting database files by default. Instead, you need to use a custom version of SQLite with encryption extensions.

Database Encryption with ODBC Driver for SQLite

Devart ODBC Driver for SQLite provides built-in encryption capabilities in the Direct mode, which allows you to perform the following:

encrypt a database;
connect to an encrypted database;
change the encryption key of a database;
decrypt a database.

Note: There are no standard requirements for implementing SQLite database encryption. The implementation of database encryption in the connector is only compatible with other Devart products for SQLite:

The connector can work with databases that were encrypted by itself or other Devart products.

Encrypting a Database

The PRAGMA ENCRYPTION statement specifies the encryption algorithm that will be used to encrypt an unencrypted database. It can't be used on a database encrypted with a different encryption algorithm. The statement can be run with one of the following values: TripleDES, Blowfish, AES128, AES192, AES256, Cast128, or RC4.

The PRAGMA REKEY statement is used to encrypt an unencrypted database, change the encryption key of an encrypted database, or decrypt a database.

The PRAGMA statements can be executed using any database tool with Devart ODBC Driver for SQLite after connecting to the database in the Direct mode. To enable this mode, select the corresponding checkbox in the DSN settings, or set the Direct parameter to True in the connection string:

DRIVER=Devart ODBC Driver for SQLite;Direct=True;Database=D:\DeptEmp.db3

Execute the statements to encrypt the database, for example:

PRAGMA ENCRYPTION=TripleDES;

PRAGMA REKEY='mynewkey';

Connecting to an Encrypted Database

To connect to an encrypted database, enable the Direct mode and specify the Encryption Algorithm and Encryption Key in the DSN settings or in the connection string, for example:

DRIVER=Devart ODBC Driver for SQLite;Direct=True;Database=D:\DeptEmp.db3;EncryptionAlgorithm=TripleDES;EncryptionKey=mykey

Changing the Encryption Key of a Database

To change the encryption key of a database, connect to the database and execute the PRAGMA REKEY statement with a new encryption key:

PRAGMA REKEY='mynewkey';

Decrypting a Database

To decrypt a database, connect to the database and execute the PRAGMA REKEY statement with an empty value:

PRAGMA REKEY='';

Request Support

ODBC Forum

Provide Feedback