Python Connector for SQLite

Database encryption - Python Connector for SQLite

Database encryption

The SQLite database engine provides the ability to work with encrypted databases. SQLite performs low-level encryption or decryption on the fly during read/write operations. These operations are completely transparent to the application accessing the database. The official SQLite library doesn't support database encryption by default; you need to use a custom version of SQLite with encryption extensions or the built-in encryption capabilities in our connector.

The connector provides built-in encryption capabilities in the Direct mode, which enables you to encrypt a database, connect to an encrypted database, change the encryption key, or decrypt a database.

Note: There are no standard requirements for implementing SQLite database encryption. The implementation of database encryption in the connector is only compatible with other Devart products for SQLite: The connector can work with databases that were encrypted by itself or other Devart products.

The PRAGMA ENCRYPTION statement specifies the encryption algorithm that will be used to encrypt a database. The statement cannot be executed against an encrypted database—you must decrypt it first. The following encryption algorithms are supported: TripleDES, Blowfish, AES128, AES192, AES256, Cast128, RC4.

The PRAGMA REKEY statement is used to encrypt a database, change the encryption key of an encrypted database, or decrypt a database.

Encrypt a database

Connect to the database in the Direct mode and execute the PRAGMA ENCRYPTION and PRAGMA REKEY statements.

connection = devart.sqlite.connect("Direct=True;Database=your_database;")
cursor = connection.cursor()
cursor.execute("PRAGMA ENCRYPTION=AES256")
cursor.execute("PRAGMA REKEY='your_key'")

Connect to an encrypted database

Enable the Direct mode and specify the EncryptionAlgorithm and EncryptionKey in the connection string.

connection = devart.sqlite.connect("Direct=True;Database=your_database;EncryptionAlgorithm=AES256;EncryptionKey=your_key")

Change the encryption key

Connect to the database in the Direct mode and execute the PRAGMA REKEY statement with a new encryption key.

connection = devart.sqlite.connect("Direct=True;Database=your_database;EncryptionAlgorithm=AES256;EncryptionKey=your_key")
connection.cursor().execute("PRAGMA REKEY='your_new_key'")

Decrypt a database

Connect to the database in the Direct mode and execute the PRAGMA REKEY statement with an empty value.

connection = devart.sqlite.connect("Direct=True;Database=your_database;EncryptionAlgorithm=AES256;EncryptionKey=your_new_key")
connection.cursor().execute("PRAGMA REKEY=''")
© 2022-2025 Devart. All Rights Reserved. Request Support Python Connectors Forum Provide Feedback