• Welcome, Guest. Please login.
 
July 11, 2020, 07:45:35 am

News:

Welcome to the SQLitening support forums!


SQLite Encryption

Started by Jim Dunn, January 28, 2011, 01:21:44 pm

Previous topic - Next topic

Jim Dunn

Fred,

I noticed that (at least) one person out there (Stephen Lombardo) has created a SQLite encryption extension (http://sqlcipher.net/) that is free.

But, I found that the "source code" is free; they will sell you Win32 DLL's for a fee; compiling it is very difficult.

Anyway...

Question # 1:  Do you know of any free and easy SQLite encryption extensions?

Question # 2:  Have you ever considered putting a "layer" of encryption inside of SQLitening?

Thx!
3.14159265358979323846264338327950
"Ok, yes... I like pie... hate roman numerals."

Jim Dunn

Oh, and I noticed that if you purchase the SQLiteExpertPro, they mention something about "encrypted sqlite.dll"...

Has anyone purchased this?  Are you able to include that encryped dll with projects you create/sell?
3.14159265358979323846264338327950
"Ok, yes... I like pie... hate roman numerals."

Fred Meier

SQLitening already has Rijndael Encryption built-in.  It is done at the field level.  See ExampleB.Bas for usage.  Google Rijndael Encryption for details.

Paul Squires

Fred thinks of everything even before we think of it.  :)

Bern Ertl

Quote from: Fred Meier on January 28, 2011, 03:01:35 pm
SQLitening already has Rijndael Encryption built-in.  It is done at the field level.  See ExampleB.Bas for usage.  Google Rijndael Encryption for details.


Last time I tested it, it didn't work very well for encrypting "small" data fields.  Not sure how large a string needs to be to be encrypted, but I'd suggest people examine/test their db results in SQLiteExpert or something to verify that fields are being encrypted as expected.

Fred Meier

Not sure what you mean by "didn't work well for small fields"?  Do you
mean it takes too much extra space (yes, minimum length is 16)?  Or do you
mean the encryption is not strong? 

I encrypted "A" and got "yq

Bern Ertl

I meant that I could read the raw data by looking at the database (ie. it wasn't encrypted).  I assumed it was because the data fields were too short.  I may have erred in my implementation (or be remembering something I did with Tsunami before trying SQLitening).