My name is Mateusz. I am working on medical tool that stores privet patients data that must be secured. For that reason we use SQLCipher. Database is created at clinet side when some data are downloaded from the main server to the local storage. We then create an empty and encrypted db, initialize its structure and insert proper data. All seems to work fine under Windows but fails on Linux (Mint). As the way I am creating and encrypting db comes from varius users groups and not official SQLCipher documentation, I just wanted to be sure I am doing everything right. Below is the C++ code that worked so far on Windows (simplified, no error handling for clarity), we are not using sqlite shell and want to avoid unnecessary tmp files if possible :
sqlite3_open_v2("encrypted.db", &db, SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE, nullptr); sqlite3_key(db, "secret_key", 10); sqlite3_exec(db, "CREATE TABLE ...... ;", nullptr, nullptr, nullptr); other interactions with db and in the end sqlite3_close(db);
Is it the rigth way to create empty, encrypted db with pure C++ API with no shell, no PRAGMA invocation and no tmp file? Or PRAGMA from online documentation is the only right way:
- first create empty, temporary db and initialize its structure, close
- next, open new empty db, use PRAGMA and sqlcipher_export according to documentation to clone this temporary db with a requested key for new db,
- delete temporary db and work on so created encrypted db
- next time use pure C++ API (sqlite3_key) to open existing encrypted
I would be grateful for any help and suggestions as this is unclear to me how to do it right. A simple example, assumin no sqlite shell would be nice.