3 SQLCipher is a standalone fork of the [SQLite](https://www.sqlite.org/) database library that adds 256 bit AES encryption of database files and other security features like:
5 - on-the-fly encryption
8 - strong key derivation
10 SQLCipher is based on SQLite and stable upstream release features are periodically integrated. While SQLCipher is maintained as a separate version of the source tree, the project minimizes alterations to core SQLite code whenever possible.
12 SQLCipher is maintained by Zetetic, LLC, and additional information and documentation is available on the official [SQLCipher site](https://www.zetetic.net/sqlcipher/).
16 - Fast performance with as little as 5-15% overhead for encryption on many operations
17 - 100% of data in the database file is encrypted
18 - Good security practices (CBC mode, HMAC, key derivation)
19 - Zero-configuration and application level cryptography
20 - Algorithms provided by the peer reviewed OpenSSL crypto library.
21 - Configurable crypto providers
25 SQLCipher maintains database format compatibility within the same major version number so an application on any platform can open databases created by any other application provided the major version of SQLCipher is the same between them. However, major version updates (e.g. from 3.x to 4.x) often include changes to default settings. This means that newer major versions of SQLCipher will not open databases created by older versions without using special settings. For example, SQLCipher 4 introduces many new performance and security enhancements. The new default algorithms, increased KDF iterations, and larger page size mean that SQLCipher 4 will not open databases created by SQLCipher 1.x, 2.x, or 3.x by default. Instead, an application would either need to migrate the older databases to use the new format or enable a special backwards-compatibility mode. The available options are described in SQLCipher's [upgrade documentation](https://discuss.zetetic.net/t/upgrading-to-sqlcipher-4/3283).
27 SQLCipher is also compatible with standard SQLite databases. When a key is not provided, SQLCipher will behave just like the standard SQLite library. It is also possible to convert from a plaintext database (standard SQLite) to an encrypted SQLCipher database using [ATTACH and the sqlcipher_export() convenience function](https://discuss.zetetic.net/t/how-to-encrypt-a-plaintext-sqlite-database-to-use-sqlcipher-and-avoid-file-is-encrypted-or-is-not-a-database-errors/868).
31 The SQLCipher team welcomes contributions to the core library. All contributions including pull requests and patches should be based on the `prerelease` branch, and must be accompanied by a [contributor agreement](https://www.zetetic.net/contributions/). We strongly encourage [discussion](https://discuss.zetetic.net/c/sqlcipher) of the proposed change prior to development and submission.
35 Building SQLCipher is similar to compiling a regular version of SQLite from source, with a couple of small exceptions:
37 1. You *must* define `SQLITE_HAS_CODEC` and either `SQLITE_TEMP_STORE=2` or `SQLITE_TEMP_STORE=3`
38 2. You will need to link against a support cryptographic provider (OpenSSL, LibTomCrypt, CommonCrypto/Security.framework, or NSS)
40 The following examples demonstrate linking against OpenSSL, which is a readily available provider on most Unix-like systems.
42 Example 1. Static linking (replace /opt/local/lib with the path to libcrypto.a). Note in this
43 example, `--enable-tempstore=yes` is setting `SQLITE_TEMP_STORE=2` for the build.
46 $ ./configure --enable-tempstore=yes CFLAGS="-DSQLITE_HAS_CODEC" \
47 LDFLAGS="/opt/local/lib/libcrypto.a"
51 Example 2. Dynamic linking
54 $ ./configure --enable-tempstore=yes CFLAGS="-DSQLITE_HAS_CODEC" \
61 The full SQLite test suite will not complete successfully when using SQLCipher. In some cases encryption interferes with low-level tests that require access to database file data or features which are unsupported by SQLCipher. Those tests that are intended to support encryption are intended for non-SQLCipher implementations. In addition, because SQLite tests are not always isolated, if one test fails it can trigger a domino effect with other failures in later steps.
63 As a result, the SQLCipher package includes it's own independent tests that exercise and verify the core functionality of the SQLCipher extensions. This test suite is intended to provide an abbreviated verification of SQLCipher's internal logic; it does not perform an exhaustive test of the SQLite database system as a whole or verify functionality on specific platforms. Because SQLCipher is based on stable upstream builds of SQLite, it is considered a basic assumption that the core SQLite library code is operating properly (the SQLite core is almost untouched in SQLCipher). Thus, the additional SQLCipher-specific test provide the requisite verification that the library is operating as expected with SQLCipher's security features enabled.
65 To run SQLCipher specific tests, configure as described here and run the following to execute the tests and receive a report of the results:
68 $ ./configure --enable-tempstore=yes --enable-fts5 CFLAGS="-DSQLITE_HAS_CODEC -DSQLCIPHER_TEST" \
71 $ ./testfixture test/sqlcipher.test
74 ## Encrypting a database
76 To specify an encryption passphrase for the database via the SQL interface you
77 use a PRAGMA. The passphrase you enter is passed through PBKDF2 key derivation to
78 obtain the encryption key for the database
80 PRAGMA key = 'passphrase';
82 Alternately, you can specify an exact byte sequence using a blob literal. If you
83 use this method it is your responsibility to ensure that the data you provide is a
84 64 character hex string, which will be converted directly to 32 bytes (256 bits) of
85 key data without key derivation.
87 PRAGMA key = "x'2DD29CA851E7B56E4697B0E1F08507293D761A05CE4D1B628663F411A8086D99'";
89 To encrypt a database programmatically you can use the `sqlite3_key` function.
90 The data provided in `pKey` is converted to an encryption key according to the
91 same rules as `PRAGMA key`.
93 int sqlite3_key(sqlite3 *db, const void *pKey, int nKey);
95 `PRAGMA key` or `sqlite3_key` should be called as the first operation when a database is open.
97 ## Changing a database key
99 To change the encryption passphrase for an existing database you may use the rekey PRAGMA
100 after you've supplied the correct database password;
102 PRAGMA key = 'passphrase'; -- start with the existing database passphrase
103 PRAGMA rekey = 'new-passphrase'; -- rekey will reencrypt with the new passphrase
105 The hex rekey pragma may be used to rekey to a specific binary value
107 PRAGMA rekey = "x'2DD29CA851E7B56E4697B0E1F08507293D761A05CE4D1B628663F411A8086D99'";
109 This can be accomplished programmatically by using sqlite3_rekey;
111 sqlite3_rekey(sqlite3 *db, const void *pKey, int nKey)
115 The primary source for complete documentation (design, API, platforms, usage) is the SQLCipher website:
117 https://www.zetetic.net/sqlcipher/documentation
119 The primary avenue for support and discussions is the SQLCipher discuss site:
121 https://discuss.zetetic.net/c/sqlcipher
123 Issues or support questions on using SQLCipher should be entered into the
124 GitHub Issue tracker:
126 https://github.com/sqlcipher/sqlcipher/issues
128 Please DO NOT post issues, support questions, or other problems to blog
129 posts about SQLCipher as we do not monitor them frequently.
131 If you are using SQLCipher in your own software please let us know at
134 ## Community Edition Open Source License
136 Copyright (c) 2020, ZETETIC LLC
139 Redistribution and use in source and binary forms, with or without
140 modification, are permitted provided that the following conditions are met:
141 * Redistributions of source code must retain the above copyright
142 notice, this list of conditions and the following disclaimer.
143 * Redistributions in binary form must reproduce the above copyright
144 notice, this list of conditions and the following disclaimer in the
145 documentation and/or other materials provided with the distribution.
146 * Neither the name of the ZETETIC LLC nor the
147 names of its contributors may be used to endorse or promote products
148 derived from this software without specific prior written permission.
150 THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
151 EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
152 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
153 DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
154 DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
155 (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
156 LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
157 ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
158 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
159 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
161 # Begin SQLite README.md
163 <h1 align="center">SQLite Source Repository</h1>
165 This repository contains the complete source code for the
166 [SQLite database engine](https://sqlite.org/). Some test scripts
167 are also included. However, many other test scripts
168 and most of the documentation are managed separately.
172 SQLite sources are managed using
173 [Fossil](https://www.fossil-scm.org/), a distributed version control system
174 that was specifically designed and written to support SQLite development.
175 The [Fossil repository](https://sqlite.org/src/timeline) contains the urtext.
177 If you are reading this on GitHub or some other Git repository or service,
178 then you are looking at a mirror. The names of check-ins and
179 other artifacts in a Git mirror are different from the official
180 names for those objects. The official names for check-ins are
181 found in a footer on the check-in comment for authorized mirrors.
182 The official check-in name can also be seen in the `manifest.uuid` file
183 in the root of the tree. Always use the official name, not the
184 Git-name, when communicating about an SQLite check-in.
186 If you pulled your SQLite source code from a secondary source and want to
187 verify its integrity, there are hints on how to do that in the
188 [Verifying Code Authenticity](#vauth) section below.
190 ## Contacting The SQLite Developers
192 The preferred way to ask questions or make comments about SQLite or to
193 report bugs against SQLite is to visit the
194 [SQLite Forum](https://sqlite.org/forum) at <https://sqlite.org/forum/>.
195 Anonymous postings are permitted.
197 If you think you have found a bug that has security implications and
198 you do not want to report it on the public forum, you can send a private
199 email to drh at sqlite dot org.
203 The SQLite source code is in the public domain. See
204 <https://sqlite.org/copyright.html> for details.
206 Because SQLite is in the public domain, we do not normally accept pull
207 requests, because if we did take a pull request, the changes in that
208 pull request might carry a copyright and the SQLite source code would
209 then no longer be fully in the public domain.
211 ## Obtaining The SQLite Source Code
213 If you do not want to use Fossil, you can download tarballs or ZIP
214 archives or [SQLite archives](https://sqlite.org/cli.html#sqlar) as follows:
216 * Latest trunk check-in as
217 [Tarball](https://www.sqlite.org/src/tarball/sqlite.tar.gz),
218 [ZIP-archive](https://www.sqlite.org/src/zip/sqlite.zip), or
219 [SQLite-archive](https://www.sqlite.org/src/sqlar/sqlite.sqlar).
222 [Tarball](https://www.sqlite.org/src/tarball/sqlite.tar.gz?r=release),
223 [ZIP-archive](https://www.sqlite.org/src/zip/sqlite.zip?r=release), or
224 [SQLite-archive](https://www.sqlite.org/src/sqlar/sqlite.sqlar?r=release).
226 * For other check-ins, substitute an appropriate branch name or
227 tag or hash prefix in place of "release" in the URLs of the previous
228 bullet. Or browse the [timeline](https://www.sqlite.org/src/timeline)
229 to locate the check-in desired, click on its information page link,
230 then click on the "Tarball" or "ZIP Archive" links on the information
233 If you do want to use Fossil to check out the source tree,
234 first install Fossil version 2.0 or later.
235 (Source tarballs and precompiled binaries available
236 [here](https://www.fossil-scm.org/fossil/uv/download.html). Fossil is
237 a stand-alone program. To install, simply download or build the single
238 executable file and put that file someplace on your $PATH.)
239 Then run commands like this:
241 mkdir -p ~/sqlite ~/Fossils
243 fossil clone https://www.sqlite.org/src ~/Fossils/sqlite.fossil
244 fossil open ~/Fossils/sqlite.fossil
246 After setting up a repository using the steps above, you can always
247 update to the latest version using:
249 fossil update trunk ;# latest trunk check-in
250 fossil update release ;# latest official release
252 Or type "fossil ui" to get a web-based user interface.
254 ## Compiling for Unix-like systems
256 First create a directory in which to place
257 the build products. It is recommended, but not required, that the
258 build directory be separate from the source directory. Cd into the
259 build directory and then from the build directory run the configure
260 script found at the root of the source tree. Then run "make".
264 tar xzf sqlite.tar.gz ;# Unpack the source tree into "sqlite"
265 mkdir bld ;# Build will occur in a sibling directory
266 cd bld ;# Change to the build directory
267 ../sqlite/configure ;# Run the configure script
268 make ;# Builds the "sqlite3" command-line tool
269 make sqlite3.c ;# Build the "amalgamation" source file
270 make devtest ;# Run some tests (requires Tcl)
272 See the makefile for additional targets.
274 The configure script uses autoconf 2.61 and libtool. If the configure
275 script does not work out for you, there is a generic makefile named
276 "Makefile.linux-gcc" in the top directory of the source tree that you
277 can copy and edit to suit your needs. Comments on the generic makefile
278 show what changes are needed.
280 ## Compiling for Windows Using MSVC
282 On Windows, all applicable build products can be compiled with MSVC.
283 You will also need a working installation of TCL.
284 See the [compile-for-windows.md](doc/compile-for-windows.md) document for
285 additional information about how to install MSVC and TCL and configure your
288 If you want to run tests, you need to let SQLite know the location of your
289 TCL library, using a command like this:
293 SQLite uses "tclsh.exe" as part of the build process, and so that utility
294 program will need to be somewhere on your %PATH%. The finished SQLite library
295 does not contain any TCL code, but it does use TCL to help with the build process
298 Build using Makefile.msc. Example:
300 nmake /f Makefile.msc
301 nmake /f Makefile.msc sqlite3.c
302 nmake /f Makefile.msc devtest
303 nmake /f Makefile.msc releasetest
305 There are many other makefile targets. See comments in Makefile.msc for
310 Most of the core source files are in the **src/** subdirectory. The
311 **src/** folder also contains files used to build the "testfixture" test
312 harness. The names of the source files used by "testfixture" all begin
314 The **src/** also contains the "shell.c" file
315 which is the main program for the "sqlite3.exe"
316 [command-line shell](https://sqlite.org/cli.html) and
317 the "tclsqlite.c" file which implements the
318 [Tcl bindings](https://sqlite.org/tclsqlite.html) for SQLite.
319 (Historical note: SQLite began as a Tcl
320 extension and only later escaped to the wild as an independent library.)
322 Test scripts and programs are found in the **test/** subdirectory.
323 Additional test code is found in other source repositories.
324 See [How SQLite Is Tested](https://www.sqlite.org/testing.html) for
325 additional information.
327 The **ext/** subdirectory contains code for extensions. The
328 Full-text search engine is in **ext/fts3**. The R-Tree engine is in
329 **ext/rtree**. The **ext/misc** subdirectory contains a number of
330 smaller, single-file extensions, such as a REGEXP operator.
332 The **tool/** subdirectory contains various scripts and programs used
333 for building generated source code files or for testing or for generating
334 accessory programs such as "sqlite3_analyzer(.exe)".
336 ### Generated Source Code Files
338 Several of the C-language source files used by SQLite are generated from
339 other sources rather than being typed in manually by a programmer. This
340 section will summarize those automatically-generated files. To create all
341 of the automatically-generated files, simply run "make target_source".
342 The "target_source" make target will create a subdirectory "tsrc/" and
343 fill it with all the source files needed to build SQLite, both
344 manually-edited files and automatically-generated files.
346 The SQLite interface is defined by the **sqlite3.h** header file, which is
347 generated from src/sqlite.h.in, ./manifest.uuid, and ./VERSION. The
348 [Tcl script](https://www.tcl.tk) at tool/mksqlite3h.tcl does the conversion.
349 The manifest.uuid file contains the SHA3 hash of the particular check-in
350 and is used to generate the SQLITE\_SOURCE\_ID macro. The VERSION file
351 contains the current SQLite version number. The sqlite3.h header is really
352 just a copy of src/sqlite.h.in with the source-id and version number inserted
353 at just the right spots. Note that comment text in the sqlite3.h file is
354 used to generate much of the SQLite API documentation. The Tcl scripts
355 used to generate that documentation are in a separate source repository.
357 The SQL language parser is **parse.c** which is generated from a grammar in
358 the src/parse.y file. The conversion of "parse.y" into "parse.c" is done
359 by the [lemon](./doc/lemon.html) LALR(1) parser generator. The source code
360 for lemon is at tool/lemon.c. Lemon uses the tool/lempar.c file as a
361 template for generating its parser.
362 Lemon also generates the **parse.h** header file, at the same time it
365 The **opcodes.h** header file contains macros that define the numbers
366 corresponding to opcodes in the "VDBE" virtual machine. The opcodes.h
367 file is generated by scanning the src/vdbe.c source file. The
368 Tcl script at ./mkopcodeh.tcl does this scan and generates opcodes.h.
369 A second Tcl script, ./mkopcodec.tcl, then scans opcodes.h to generate
370 the **opcodes.c** source file, which contains a reverse mapping from
371 opcode-number to opcode-name that is used for EXPLAIN output.
373 The **keywordhash.h** header file contains the definition of a hash table
374 that maps SQL language keywords (ex: "CREATE", "SELECT", "INDEX", etc.) into
375 the numeric codes used by the parse.c parser. The keywordhash.h file is
376 generated by a C-language program at tool mkkeywordhash.c.
378 The **pragma.h** header file contains various definitions used to parse
379 and implement the PRAGMA statements. The header is generated by a
380 script **tool/mkpragmatab.tcl**. If you want to add a new PRAGMA, edit
381 the **tool/mkpragmatab.tcl** file to insert the information needed by the
382 parser for your new PRAGMA, then run the script to regenerate the
383 **pragma.h** header file.
387 All of the individual C source code and header files (both manually-edited
388 and automatically-generated) can be combined into a single big source file
389 **sqlite3.c** called "the amalgamation". The amalgamation is the recommended
390 way of using SQLite in a larger application. Combining all individual
391 source code files into a single big source code file allows the C compiler
392 to perform more cross-procedure analysis and generate better code. SQLite
393 runs about 5% faster when compiled from the amalgamation versus when compiled
394 from individual source files.
396 The amalgamation is generated from the tool/mksqlite3c.tcl Tcl script.
397 First, all of the individual source files must be gathered into the tsrc/
398 subdirectory (using the equivalent of "make target_source") then the
399 tool/mksqlite3c.tcl script is run to copy them all together in just the
400 right order while resolving internal "#include" references.
402 The amalgamation source file is more than 200K lines long. Some symbolic
403 debuggers (most notably MSVC) are unable to deal with files longer than 64K
404 lines. To work around this, a separate Tcl script, tool/split-sqlite3c.tcl,
405 can be run on the amalgamation to break it up into a single small C file
406 called **sqlite3-all.c** that does #include on about seven other files
407 named **sqlite3-1.c**, **sqlite3-2.c**, ..., **sqlite3-7.c**. In this way,
408 all of the source code is contained within a single translation unit so
409 that the compiler can do extra cross-procedure optimization, but no
410 individual source file exceeds 32K lines in length.
412 ## How It All Fits Together
414 SQLite is modular in design.
415 See the [architectural description](https://www.sqlite.org/arch.html)
416 for details. Other documents that are useful in
417 (helping to understand how SQLite works include the
418 [file format](https://www.sqlite.org/fileformat2.html) description,
419 the [virtual machine](https://www.sqlite.org/opcode.html) that runs
420 prepared statements, the description of
421 [how transactions work](https://www.sqlite.org/atomiccommit.html), and
422 the [overview of the query planner](https://www.sqlite.org/optoverview.html).
424 Years of effort have gone into optimizing SQLite, both
425 for small size and high performance. And optimizations tend to result in
426 complex code. So there is a lot of complexity in the current SQLite
427 implementation. It will not be the easiest library in the world to hack.
431 * **sqlite.h.in** - This file defines the public interface to the SQLite
432 library. Readers will need to be familiar with this interface before
433 trying to understand how the library works internally.
435 * **sqliteInt.h** - this header file defines many of the data objects
436 used internally by SQLite. In addition to "sqliteInt.h", some
437 subsystems have their own header files.
439 * **parse.y** - This file describes the LALR(1) grammar that SQLite uses
440 to parse SQL statements, and the actions that are taken at each step
441 in the parsing process.
443 * **vdbe.c** - This file implements the virtual machine that runs
444 prepared statements. There are various helper files whose names
445 begin with "vdbe". The VDBE has access to the vdbeInt.h header file
446 which defines internal data objects. The rest of SQLite interacts
447 with the VDBE through an interface defined by vdbe.h.
449 * **where.c** - This file (together with its helper files named
450 by "where*.c") analyzes the WHERE clause and generates
451 virtual machine code to run queries efficiently. This file is
452 sometimes called the "query optimizer". It has its own private
453 header file, whereInt.h, that defines data objects used internally.
455 * **btree.c** - This file contains the implementation of the B-Tree
456 storage engine used by SQLite. The interface to the rest of the system
457 is defined by "btree.h". The "btreeInt.h" header defines objects
458 used internally by btree.c and not published to the rest of the system.
460 * **pager.c** - This file contains the "pager" implementation, the
461 module that implements transactions. The "pager.h" header file
462 defines the interface between pager.c and the rest of the system.
464 * **os_unix.c** and **os_win.c** - These two files implement the interface
465 between SQLite and the underlying operating system using the run-time
466 pluggable VFS interface.
468 * **shell.c.in** - This file is not part of the core SQLite library. This
469 is the file that, when linked against sqlite3.a, generates the
470 "sqlite3.exe" command-line shell. The "shell.c.in" file is transformed
471 into "shell.c" as part of the build process.
473 * **tclsqlite.c** - This file implements the Tcl bindings for SQLite. It
474 is not part of the core SQLite library. But as most of the tests in this
475 repository are written in Tcl, the Tcl language bindings are important.
477 * **test\*.c** - Files in the src/ folder that begin with "test" go into
478 building the "testfixture.exe" program. The testfixture.exe program is
479 an enhanced Tcl shell. The testfixture.exe program runs scripts in the
480 test/ folder to validate the core SQLite code. The testfixture program
481 (and some other test programs too) is built and run when you type
484 There are many other source files. Each has a succinct header comment that
485 describes its purpose and role within the larger system.
488 ## Verifying Code Authenticity
490 The `manifest` file at the root directory of the source tree
491 contains either a SHA3-256 hash or a SHA1 hash
492 for every source file in the repository.
493 The name of the version of the entire source tree is just the
494 SHA3-256 hash of the `manifest` file itself, possibly with the
495 last line of that file omitted if the last line begins with
496 "`# Remove this line`".
497 The `manifest.uuid` file should contain the SHA3-256 hash of the
498 `manifest` file. If all of the above hash comparisons are correct, then
499 you can be confident that your source tree is authentic and unadulterated.
500 Details on the format for the `manifest` files are available
501 [on the Fossil website](https://fossil-scm.org/fossil/doc/trunk/www/fileformat.wiki#manifest).
503 The process of checking source code authenticity is automated by the
510 > nmake /f Makefile.msc verify-source
512 Using the makefile to verify source integrity is good for detecting
513 accidental changes to the source tree, but malicious changes could be
514 hidden by also modifying the makefiles.
518 The main SQLite website is [https://sqlite.org/](https://sqlite.org/)
519 with geographically distributed backups at
520 [https://www2.sqlite.org/](https://www2.sqlite.org) and
521 [https://www3.sqlite.org/](https://www3.sqlite.org).