SQLitening Support Forum

SQLitening Support => You've got Questions? We've got Answers! => Topic started by: Jim Dunn on January 28, 2011, 01:21:44 pm

Title: SQLite Encryption
Post by: Jim Dunn on January 28, 2011, 01:21:44 pm
Fred,

I noticed that (at least) one person out there (Stephen Lombardo) has created a SQLite encryption extension (http://sqlcipher.net/) that is free.

But, I found that the "source code" is free; they will sell you Win32 DLL's for a fee; compiling it is very difficult.

Anyway...

Question # 1:  Do you know of any free and easy SQLite encryption extensions?

Question # 2:  Have you ever considered putting a "layer" of encryption inside of SQLitening?

Thx!
Title: Re: SQLite Encryption
Post by: Jim Dunn on January 28, 2011, 01:24:40 pm
Oh, and I noticed that if you purchase the SQLiteExpertPro, they mention something about "encrypted sqlite.dll"...

Has anyone purchased this?  Are you able to include that encryped dll with projects you create/sell?
Title: Re: SQLite Encryption
Post by: Fred Meier on January 28, 2011, 03:01:35 pm
SQLitening already has Rijndael Encryption built-in.  It is done at the field level.  See ExampleB.Bas for usage.  Google Rijndael Encryption for details.
Title: Re: SQLite Encryption
Post by: Paul Squires on January 28, 2011, 05:15:54 pm
Fred thinks of everything even before we think of it.  :)
Title: Re: SQLite Encryption
Post by: Bern Ertl on January 28, 2011, 06:54:51 pm
Quote from: Fred Meier on January 28, 2011, 03:01:35 pm
SQLitening already has Rijndael Encryption built-in.  It is done at the field level.  See ExampleB.Bas for usage.  Google Rijndael Encryption for details.


Last time I tested it, it didn't work very well for encrypting "small" data fields.  Not sure how large a string needs to be to be encrypted, but I'd suggest people examine/test their db results in SQLiteExpert or something to verify that fields are being encrypted as expected.
Title: Re: SQLite Encryption
Post by: Fred Meier on January 28, 2011, 08:03:56 pm
Not sure what you mean by "didn't work well for small fields"?  Do you
mean it takes too much extra space (yes, minimum length is 16)?  Or do you
mean the encryption is not strong? 

I encrypted "A" and got "yq
Title: Re: SQLite Encryption
Post by: Bern Ertl on January 31, 2011, 12:03:25 pm
I meant that I could read the raw data by looking at the database (ie. it wasn't encrypted).  I assumed it was because the data fields were too short.  I may have erred in my implementation (or be remembering something I did with Tsunami before trying SQLitening).