We used wxsqlite3 to encrypt database, using the algorithm AES 128 Bit CBC - No HMAC. We want to migrate to sqlcipher but the existing database is encrypted using AES 128 Bit CBC - No HMAC. May I ask:
- Is there a way to seamlessly migrate databases?
- Does sqlcipher have an interface for custom encryption algorithms?
Hello @gomez - there is not currently a seamless way to migrate from wxsqlite3 to SQLCipher. The underlying implantations are different, even outside of the algorithms that are used. You would likely need to write a special program which would decrypt the existing database, after which you could re-encrypt it using SQLCipher. This would all be custom code.
In terms of custom encryption, you can build a custom SQLCipher cryptographic provider to implement custom encryption features. There are example providers included with the community source, including ones for OpenSSL, Common Crypto, etc. I would note that we strongly recommend against using custom / non-standard encryption algorithms without a very good reason, as it impacts security and compatibility.
In summary, migration and custom encryption would both be possible, but would require fairly complicated customization. I will finally mention that under the SQLCipher Enterprise program we do provide customization and development services for extending SQLCipher. If you’d be interested in talking to us about building a solution to meet your needs, please contact us at firstname.lastname@example.org.