The SQLite database engine provides the ability to work with encrypted databases. The SQLite client library performs low-level encryption and decryption on the fly: database files are encrypted or decrypted during read/write operations. These operations are completely transparent to the applications accessing the database. However, the official SQLite client library doesn't support encrypting database files by default. Instead, you need to use a custom version of SQLite with encryption extensions.
Devart ODBC Driver for SQLite provides built-in encryption capabilities in the Direct
mode, which allows you to:
Note: There're no standard requirements defined for implementing database encryption for SQLite. Thus, the implementation of database encryption in Devart ODBC Driver for SQLite is only compatible with other Devart products, such as LiteDAC and UniDAC. Devart ODBC Driver for SQLite can only work with databases that were encrypted by the driver itself, LiteDAC, or UniDAC.
The PRAGMA ENCRYPTION
statement specifies the encryption algorithm that will be used to encrypt an unencrypted database. It can't be used on a database encrypted with a different encryption algorithm. The statement can be run with one of the following values: TripleDES, Blowfish, AES128, AES192, AES256, Cast128, or RC4.
The PRAGMA REKEY
statement is used to encrypt an unencrypted database, change the encryption key of an encrypted database, or decrypt a database.
The PRAGMA statements can be executed using any database tool with Devart ODBC Driver for SQLite after connecting to the database in the Direct
mode. To enable this mode, select the corresponding checkbox in the DSN settings, or set the Direct
parameter to True
in the connection string:
DRIVER=Devart ODBC Driver for SQLite;Direct=True;Database=D:\DeptEmp.db3
Execute the statements to encrypt the database, for example:
PRAGMA ENCRYPTION=TripleDES;
PRAGMA REKEY='mynewkey';
To connect to an encrypted database, enable the Direct
mode and specify the Encryption Algorithm
and Encryption Key
in the DSN settings or in the connection string, for example:
DRIVER=Devart ODBC Driver for SQLite;Direct=True;Database=D:\DeptEmp.db3;EncryptionAlgorithm=TripleDES;EncryptionKey=mykey
To change the encryption key of a database, connect to the database and execute the PRAGMA REKEY
statement with a new encryption key:
PRAGMA REKEY='mynewkey';
To decrypt a database, connect to the database and execute the PRAGMA REKEY
statement with an empty value:
PRAGMA REKEY='';