Creating empty encrypted db with no tmp file


#1

Hi all,

My name is Mateusz. I am working on a medical tool that stores private patient data that must be secured. For that reason we use SQLCipher. The database is created on the client side when some data is downloaded from the main server to local storage. We then create an empty, encrypted db, initialize its structure and insert the proper data. All seems to work fine under Windows but fails on Linux (Mint). As the way I am creating and encrypting the db comes from various user groups and not the official SQLCipher documentation, I just wanted to be sure I am doing everything right. Below is the C++ code that has worked so far on Windows (simplified, no error handling for clarity); we are not using the sqlite shell and want to avoid unnecessary tmp files if possible:

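sqlite3 *db = nullptr;
// Open (or create) the database file.
sqlite3_open_v2("encrypted.db", &db, SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE, nullptr);
// Set the key before any other operation on the connection.
sqlite3_key(db, "secret_key", 10);
sqlite3_exec(db, "CREATE TABLE ...... ;", nullptr, nullptr, nullptr);
// ... other interactions with db, and in the end:
sqlite3_close(db);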

Is this the right way to create an empty, encrypted db with the pure C++ API, with no shell, no PRAGMA invocation and no tmp file? Or is the PRAGMA approach from the online documentation the only right way:

  • first create an empty, temporary db, initialize its structure and close it,
  • next, open a new empty db and use PRAGMA and sqlcipher_export according to the documentation to clone this temporary db with the requested key for the new db,
  • delete the temporary db and work on the encrypted db created this way,
  • next time, use the pure C++ API (sqlite3_key) to open the existing encrypted db?

I would be grateful for any help and suggestions, as it is unclear to me how to do this right. A simple example, assuming no sqlite shell, would be nice.

With regards
Mateusz Janiak


#2

Hello Mateusz_Janiak,

Usage of the PRAGMA key provides an alternative means to invoke
sqlite3_key, generally for applications that can not directly access
the C API. Within C++ you would likely just invoke sqlite3_key since
that is directly available.

With regard to the temporary database, make sure you have configured with
--enable-tempstore=yes and that you specify a value of
SQLITE_TEMP_STORE=2 in your CFLAGS.
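
A check that can be run on the file produced by the sqlite3_key sequence in post #1, as an added example that is not part of the thread and not SQLCipher's own code: it reads the first 16 bytes and reports whether they are the plaintext SQLite magic string. It assumes SQLCipher's default settings, where the header is encrypted along with the rest of the file; the enum and function names are hypothetical.

```cpp
#include <array>
#include <cstdio>
#include <cstring>
#include <fstream>
#include <iostream>
#include <string>

// Result of inspecting the start of a database file (hypothetical names).
enum class DbHeader { Missing, Empty, Truncated, PlaintextSqlite, Opaque };

// Every plaintext SQLite database starts with these 16 bytes
// (15 characters plus the terminating NUL).
static const char kSqliteMagic[16] = "SQLite format 3";

DbHeader classify_db_header(const std::string& path) {
    std::ifstream in(path, std::ios::binary);
    if (!in) return DbHeader::Missing;

    std::array<char, 16> head{};
    in.read(head.data(), static_cast<std::streamsize>(head.size()));
    const std::streamsize got = in.gcount();

    // A database with nothing written to it yet can be a zero-byte file.
    if (got == 0) return DbHeader::Empty;
    if (got < 16) return DbHeader::Truncated;

    // The magic string on disk means the content was stored unencrypted.
    if (std::memcmp(head.data(), kSqliteMagic, 16) == 0)
        return DbHeader::PlaintextSqlite;

    // Anything else is consistent with an encrypted file, but this check
    // alone does not prove it: it only rules out the plaintext case.
    return DbHeader::Opaque;
}

int main(int argc, char** argv) {
    if (argc != 2) {
        std::cerr << "usage: " << argv[0] << " <database file>\n";
        return 2;
    }
    switch (classify_db_header(argv[1])) {
        case DbHeader::Missing:   std::cout << "file not found\n"; return 2;
        case DbHeader::Empty:     std::cout << "empty file, nothing written yet\n"; return 0;
        case DbHeader::Truncated: std::cout << "shorter than a SQLite header\n"; return 2;
        case DbHeader::PlaintextSqlite:
            std::cout << "PLAINTEXT SQLite header found, file is not encrypted\n"; return 1;
        case DbHeader::Opaque:    std::cout << "no plaintext SQLite header\n"; return 0;
    }
    return 2;
}
```

The non-zero exit status on a plaintext header lets a build or deployment test fail when a platform ends up writing an unencrypted file.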