We used wxsqlite3 to encrypt database, using the algorithm AES 128 Bit CBC - No HMAC. We want to migrate to sqlcipher but the existing database is encrypted using AES 128 Bit CBC - No HMAC. May I ask:
Hello @gomez - there is not currently a seamless way to migrate from wxsqlite3 to SQLCipher. The underlying implantations are different, even outside of the algorithms that are used. You would likely need to write a special program which would decrypt the existing database, after which you could re-encrypt it using SQLCipher. This would all be custom code.
In terms of custom encryption, you can build a custom SQLCipher cryptographic provider to implement custom encryption features. There are example providers included with the community source, including ones for OpenSSL, Common Crypto, etc. I would note that we strongly recommend against using custom / non-standard encryption algorithms without a very good reason, as it impacts security and compatibility.
In summary, migration and custom encryption would both be possible, but would require fairly complicated customization. I will finally mention that under the SQLCipher Enterprise program we do provide customization and development services for extending SQLCipher. If you’d be interested in talking to us about building a solution to meet your needs, please contact us at support@zetetic.net.
Yes, there is. The project SQLite3 Multiple Ciphers (on which wxSQLite3 is based) supports to change the cipher scheme of a database with a few simple pragma statements:
PRAGMA cipher=sqlcipher; -- select SQLCipher encryption scheme
PRAGMA legacy=4; -- select SQLCipher version
PRAGMA rekey='your passphrase'; -- rekey database