Self-contained Go sqlite3 driver with an AES-256 encrypted sqlite3 database conforming to the built-in database/sql interface. It is based on:
- Go sqlite3 driver: https://github.com/mattn/go-sqlite3
- SQLite extension with AES-256 codec: https://github.com/sqlcipher/sqlcipher
- AES-256 implementation from: https://github.com/libtom/libtomcrypt
SQLite itself is part of SQLCipher.
The version tags of go-sqlcipher are the same as for SQLCipher.
SQLCipher 4.x is incompatible with SQLCipher 3.x!
go-sqlcipher does not implement any migration strategies at the moment. If you upgrade to a new major version of go-sqlcipher, you are responsible for upgrading existing database files yourself.
See migrating databases for details.
To upgrade your Go code to the 4.x series, change the import path to `"github.com/Hutt0n0/go-sqlcipher"`.

This package can be installed with the go get command:

```sh
go get github.com/mutecomm/go-sqlcipher
```
To create and open encrypted database files use the following DSN parameters:

```go
// Example key only: use your own 32 random bytes and keep them out of source code.
key := "2DD29CA851E7B56E4697B0E1F08507293D761A05CE4D1B628663F411A8086D99"
dbname := fmt.Sprintf("db?_pragma_key=x'%s'&_pragma_cipher_page_size=4096", key)
db, _ := sql.Open("sqlite3", dbname)
```

`_pragma_key` is the hex encoded 32 byte key (must be 64 characters long).

`_pragma_cipher_page_size` is the page size of the encrypted database (set if you want a different value than the default size).

```go
key := url.QueryEscape("secret")
dbname := fmt.Sprintf("db?_pragma_key=%s&_pragma_cipher_page_size=4096", key)
db, _ := sql.Open("sqlite3", dbname)
```

This uses a passphrase directly as `_pragma_key` with the key derivation function in SQLCipher. Do not forget the `url.QueryEscape()` call in your code!
See also PRAGMA key.
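
The helpers below are an added example, not code from go-sqlcipher. They use only the standard library to build both DSN forms described above and to show what the `url.QueryEscape()` call protects against. The function names and the sample passphrase are constructed for illustration, and the example assumes the driver decodes DSN parameters the way `net/url` does.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// NewRawKey returns 32 random bytes as the 64 hex characters _pragma_key expects.
func NewRawKey() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// RawKeyDSN validates a hex key and builds the x'...' DSN form shown above.
func RawKeyDSN(file, hexKey string, pageSize int) (string, error) {
	if len(hexKey) != 64 {
		return "", errors.New("raw key must be 64 hex characters (32 bytes)")
	}
	if _, err := hex.DecodeString(hexKey); err != nil {
		return "", fmt.Errorf("raw key is not hex: %w", err)
	}
	return fmt.Sprintf("%s?_pragma_key=x'%s'&_pragma_cipher_page_size=%d", file, hexKey, pageSize), nil
}

// PassphraseDSN escapes the passphrase so &, =, +, % and # stay inside the key value.
func PassphraseDSN(file, passphrase string, pageSize int) string {
	return fmt.Sprintf("%s?_pragma_key=%s&_pragma_cipher_page_size=%d", file, url.QueryEscape(passphrase), pageSize)
}

// KeyParam decodes _pragma_key from a DSN with net/url (assumed to match the driver's parsing).
func KeyParam(dsn string) string {
	_, query, _ := strings.Cut(dsn, "?")
	values, _ := url.ParseQuery(query) // on error, the pairs parsed so far are still returned
	return values.Get("_pragma_key")
}

func main() {
	pass := "p&ss=w+rd%#1" // constructed sample passphrase
	fmt.Println("escaped round-trips:", KeyParam(PassphraseDSN("db", pass, 4096)) == pass)
	fmt.Println("unescaped round-trips:", KeyParam("db?_pragma_key="+pass) == pass)
}
```

Without escaping, the sample passphrase is cut at the first `&`, so the database would be keyed with a shorter secret than intended.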
API documentation can be found here: http://godoc.org/github.com/mutecomm/go-sqlcipher
Use the function sqlite3.IsEncrypted() to check whether a database file is encrypted or not.
Examples can be found under the `./_example` directory.
Added support for recognizing the following query parameters: PRAGMA cipher_use_hmac = ; PRAGMA kdf_iter = ; PRAGMA cipher_hmac_algorithm = ; PRAGMA cipher_kdf_algorithm = ;

```go
// These values override SQLCipher's defaults; they must match the settings
// the database file was created with.
dbname := fmt.Sprintf("message.db?_pragma_key=%s"+
	"&_pragma_cipher_page_size=1024"+
	"&_pragma_cipher_use_hmac=off"+
	"&_pragma_kdf_iter=4000"+
	"&_pragma_cipher_hmac_algorithm=HMAC_SHA1"+
	"&_pragma_cipher_kdf_algorithm=PBKDF2_HMAC_SHA1", key)
```

The code of the originating packages is covered by their respective licenses. See LICENSE file for details.