How to encrypt an existing unencrypted database using sqlitemc shell?

Question

How to encrypt an existing unencrypted database using sqlitemc shell?

Closed this issue 3 years ago · 1 comments

Hi, this is not an issue report but rather a newbie question - what are the exact command sequences to encrypt an existing non-encrypted database using sqlitemc shell ? I tried quite a few combinations of pragma statements but no success, It is greatly appreciated if you can provide with an example. Thank you very much in advance!

Answer 1 · 2021-12-25T07:30:42.000Z

Since this is not an issue with the implementation, I'm going to convert this topic into a discussion.

The required SQL statements to encrypt an existing non-encrypted database depend on what exactly you want to accomplish.

For the default encryption scheme, usually ChaCha20-Poly1305, it is as simple as issuing a single pragma:

PRAGMA rekey='passphrase';

If you want to use a different encryption scheme, you have to select it, before issuing the rekey pragma:

PRAGMA cipher=aes256cbc;
PRAGMA rekey='passphrase';

selects the encryption scheme wxSQLite3 AES 256-bit.

If you want to use the SQLCipher scheme in legacy mode (to be compatible with existing SQLCipher databases), you specify:

PRAGMA cipher=sqlcipher;
PRAGMA legacy=4;
PRAGMA rekey='passphrase';