SQLite官方提供了一个加密扩展,叫做SQLite Encryption Extension,简称SEE。

How To Compile And Use SEE


但是在The Importance of a Nouce章节提到:Bytes 16 through 23 of the database are unencrypted


  • RC4 with security enhancements
  • AES-128 in OFB mode
  • AES-128 in CCM mode
  • AES-256 in OFB mode

SEE有8中工作模式,前四种对应上面列举的四种加密。第五种支持除了AES-128 CCM之外的三种。第六种可以使用CCCrypt。第七种使用OpenSSL。第八种只是简单地对数据进行XOR。


  • see.c → AES-128, AES-256, and RC4
  • see-cccrypt.c → AES-128 and AES-256 using the CCCrypt library
  • see-aes128-ofb.c → AES-128
  • see-aes128-ccm.c → AES-128 in CCM mode
  • see-aes256-ofb.c → AES-256
  • see-aes256-openssl.c → AES-256 using the OpenSSL EVP routines
  • see-rc.c → RC4 (legacy only - not secure)
  • see-xor.c → XOR (demonstration only - not secure)


  • .rekey OLD NEW NEW
  • .hex-rekey OLD NEW NEW
  • .text-rekey OLD NEW NEW

每种加密算法的key都有长度:256 bytes (RC4) or 16 bytes (AES128) or 32 bytes (AES256) 。提供的key会被处理成加密算法所需的key长度。


可以使用sqlite3_rekey_v2或者PRAGMA key='your-secret-key';来解密一个数据库,或者在ATTACH命令末尾加上key值:ATTACH DATABASE 'file2.db' AS two KEY 'xyzzy';


  • TEMP tables are not encrypted.
  • In-memory (":memory:") databases are not encrypted.
  • Bytes 16 through 23 of the database file contain header information which is not encrypted.



SQLite with encryption/password protection提供一些替代方案:

  • wxSQLite - A wxWidgets style C++ wrapper that also implements SQLite’s encryption.
  • SQLCipher - Uses openSSL’s libcrypto to implement.
  • SQLiteCrypt - Custom implementation, modified API.
  • botansqlite3 - botansqlite3 is an encryption codec for SQLite3 that can use any algorithms in Botan for encryption.
  • sqleet - another encryption implementation, using ChaCha20/Poly1305 primitives. Note that wxSQLite mentioned above can use this as a crypto provider.