From what I understood, SQLite prints “ok” when using
PRAGMA key ?
SQLite 3.30.1, when compiled to use an encryption extension or codec (by defining SQLITE_HAS_CODEC) will return a result of “ok” for a call to
PRAGMA key. Note that a result is different from printing, though practically equivalent when dealing with the shell. However, any standard sqlite3 will not be compiled with
SQLITE_HAS_CODEC support. In that case,
PRAGMA key is just an unknown pragma, equivalent to calling
PRAGMA does_not_exist, and thus will return no result.
key pragma added by SQLCipher? Why would SQLite want a pragma used for encrypted databases, if it doesn’t support encryption?
No, the handler for
PRAGMA key has, for the duration of SQLCipher development, been included in SQLite upstream. SQLite does support encryption in a way: the SQLite team has their own SQLite-based encrypted database products called the SQLite Encryption Extension (SEE) and Compressed and Encrypted Read Only Database extension (CEROD) respectively. In other words, the pragma itself was not added by SQLCipher, instead we provide a third-party implementation of the encryption layer invoked by
Also, that means that “ok” is actually printed when using
PRAGMA key , not when using
.output , as I initially thought, right?
As noted above, the “ok” is actually a SQL result set returned by PRAGMA key. When you invoke the shell the default behavior is to print the result.
.output writes results to a file. If you were to invoke
PRAGMA key after invoking
.output filename then
ok would be included in the file. If you invoked
PRAGMA key prior to
.output you could avoid that.
The “ok” would not be included in the output of .dump, because that dot command is actually exporting database data.