Seeking Guidance: Integrating Digital signing/Encryption Tools with Our Rust/SQLite Project

Hi Everyone!

I hope you’re all doing well. We’re working on a Rust application for file system surveillance and could really use some insights from this amazing community! Here’s a bit about our project:

What We’re Doing: Our app keeps an eye on file systems, noting down any changes. It’s all built in Rust, and we’re managing our data with SQLite, interfacing through rusqlite.
Our Cryptographic Needs: We’re looking into cryptographic operations for this one. Specifically, we’re looking to:
Digitally sign rows of data for user-authentication purposes.
Encrypt sensitive data within the database.
Potentially encrypt or digitally sign the entire database for added security.
We’re really excited about the potential to integrate SQLCipher to handle these needs and would love your input on a couple of things:

Extension vs. Fork: Does anyone know if typical SQLCipher offer direct extensions with SQLite, or is it a specific SQLite fork? We’re trying to figure out the best path for integration.
rusqlite Integration: Has anyone integrated Digital signing/encryption directly with rusqlite? Any tips, tricks, or advice would be golden.
We’re all about creating a secure, robust solution and ensuring a smooth experience for our users. If you have any experiences, documentation, or advice to share, it would mean the world to us. And of course, if there’s more we should be considering or any prerequisites, please feel free to point them out.

Thanks so much in advance for your help! Looking forward to learning from you all.


Hello @Avinash_Kurup - SQLCipher is a long-running fork of SQLite. We rebase periodically to include upstream changes from the SQLite project.

In terms of the overall design, the open source community edition version is Full Database encryption only, so the entire database is secured, and individual database pages are subject to MAC. A good place to start looking at for security information is the Design Page.

SQLCipher Commercial Edition includes extension functions that can encrypt or MAC individual values and tables.

Thank you, @sjlombardo! I will review these resources and get back to you with any queries. We will be exploring this topic over the next couple of weeks.