Python Connector for SQLite

Database encryption - Python Connector for SQLite

Database encryption

The SQLite database engine provides the ability to work with encrypted databases. SQLite performs low-level encryption or decryption on the fly during read/write operations. These operations are completely transparent to the application accessing the database. The official SQLite library doesn't support database encryption by default; you need to use a custom version of SQLite with encryption extensions or the built-in encryption capabilities in our connector.

The connector provides built-in encryption capabilities in the Direct mode, which enables you to encrypt a database, connect to an encrypted database, change the encryption key, or decrypt a database.

Note: There're no standard requirements for implementing SQLite database encryption. The implementation of database encryption in the connector is only compatible with other Devart products for SQLite: ODBC Driver, dotConnect, LiteDAC, and UniDAC. The connector can work with databases that were encrypted by itself or other Devart products.

The PRAGMA ENCRYPTION statement specifies the encryption algorithm that will be used to encrypt a database. The statement cannot be executed against an encrypted database—you must decrypt it first. The following encryption algorithms are supported: TripleDES, Blowfish, AES128, AES192, AES256, Cast128, RC4.

The PRAGMA REKEY statement is used to encrypt a database, change the encryption key of an encrypted database, or decrypt a database.

Encrypt a database

Connect to the database in the Direct mode and execute the PRAGMA ENCRYPTION and PRAGMA REKEY statements.

connection = devart.sqlite.connect("Direct=True;Database=your_database;")
cursor = connection.cursor()
cursor.execute("PRAGMA ENCRYPTION=AES256")
cursor.execute("PRAGMA REKEY='your_key'")

Connect to an encrypted database

Enable the Direct mode and specify the EncryptionAlgorithm and EncryptionKey in the connection string.

connection = devart.sqlite.connect("Direct=True;Database=your_database;EncryptionAlgorithm=AES256;EncryptionKey=your_key")

Change the encryption key

Connect to the database in the Direct mode and execute the PRAGMA REKEY statement with a new encryption key.

connection = devart.sqlite.connect("Direct=True;Database=your_database;EncryptionAlgorithm=AES256;EncryptionKey=your_key")
connection.cursor().execute("PRAGMA REKEY='your_new_key'")

Decrypt a database

Connect to the database in the Direct mode and execute the PRAGMA REKEY statement with an empty value.

connection = devart.sqlite.connect("Direct=True;Database=your_database;EncryptionAlgorithm=AES256;EncryptionKey=your_new_key")
connection.cursor().execute("PRAGMA REKEY=''")
© 2022-2024 Devart. All Rights Reserved. Request Support Python Connectors Forum Provide Feedback