24

What is the best approach to encrypting a SQLite database file in .Net/C#? I'm using sqlite-dotnet2 wrapper.

There are tools like SQLite Encryption Extension and SQLite Crypt, but both are non-free, while my project is under GPL.

The naive approach I thought of using was to let SQLite handle a temporary file, then to encrypt it on program exit, and overwrite (zero-out) the original. The obvious drawback is that if program crashes (and while it is running), the plain text DB is accessible.

Is there a better way to approach this? Can I pass an encrypted stream to the wrapper (instead of using SQLiteConnection.CreateFile) ?

[edit] Maybe I am overthinking this. Is is sufficient to use Password option in the connection string? Would the file be encrypted properly in that case (or is it some weaker protection)?

Improve this question
2
  • 1
    > There are tools like SQLite Encryption Extension and SQLite Crypt, but both are non-free, while my project is under GPL. We haven't tried using it with .NET just yet, but I'm on the development team for [SQLCipher][1], which is basically a free and unencumbered version of SQLite that provides transparent database encryption. I'd recommend it for use in mobile and/or stand-alone application settings where an embedded db is desirable. [1]: github.com/sjlombardo/sqlcipher Commented Sep 30, 2009 at 17:59
  • 1
    ...and .NET version of SQLCipher is also now a commercial product :( Commented Aug 23, 2012 at 17:38

2 Answers 2

Reset to default
23

I recommend using the System.Data.Sqlite wrapper, which includes encryption. It works great, it's easy to use, and it's a complete ADO.Net implementation. You can get the wrapper from https://system.data.sqlite.org, and the developer describes how to use the encryption on this forum at: https://web.archive.org/web/20100207030625/http://sqlite.phxsoftware.com/forums/t/130.aspx. Hint - you just set the password property. He also describes how he does the encryption using the Microsoft Crypto API elsewhere in the forum.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

The links are broken. Could you provide the new one?
Looks like Robert Simpson abandoned the phxsoftware site once control of the software was transfered to system.data.sqlite.org in 2011. I don't think that the old forum pages are posted anywhere else.
cached version of the above link web.archive.org/web/20130325100811/http://…
version 113 did drop support SetPassword. SEE is the new way to go, even thought it does cost 2000$ and requires manual compilation.
@Bin4ry see here for more info: stackoverflow.com/a/72073407/8586332
5

I would try http://code.google.com/p/csharp-sqlite/, it's rewrite of SQLite 3.6.16 in C#, under MIT License. I suppose it will be easy to tweak it.

EDIT: As mentioned in the note below, it also support sqlcipher encryption

UPDATE: Since Google Code went read only the project has moved to it's own website https://system.data.sqlite.org/index.html/doc/trunk/www/index.wiki

Improve this answer

1 Comment

C#-SQLite includes built in support for the sqlcipher package; You compile it with SQLITE_HAS_CODEC and activate it with PRAGMA hexkey="0x0102030405060708090a0b0c0d0e0f10";

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.