The sqlcipher key security!

SQLCipher implements the function API (`sqlite3_key`) that was left by SQLite3, and the user can execute "pragma key = 'passphrase'" in the shell or use `int sqlite3_key(sqlite3 *db, const void *pKey, int nKey)` to encrypt the whole database. It is very friendly to the user, but where to store the key and how to protect the key? If the key is leaked, the whole database is exposed to the attackers.

Hi @ellipse

Thanks for your interest in SQLCipher. We do offer some general guidance on key selection and management here, however, the level of security necessary for your application may vary from others. Without knowing the specifics, it is difficult to give concrete recommendations. That said, we strongly advise against including the key within the application source/binary itself.

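One way to keep the key out of the application source and binary, as an added example (not SQLCipher's code and not from either poster): the key is read at run time from a file that only its owner can access, handed to `sqlite3_key`, and wiped from memory afterwards. The key-file approach, the helper names `wipe`, `load_key` and `open_encrypted`, and the `WITH_SQLCIPHER` build flag are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Zero key material via a volatile pointer so the wipe is not optimised out. */
void wipe(void *p, size_t n) {
    for (volatile unsigned char *v = p; n--; ) *v++ = 0;
}

/* Read a key file into buf. Returns the key length, or -1 if the file is
 * missing, not a regular file, open to group/other, empty or too large.
 * The checks use fstat on the open descriptor, so they apply to the file
 * that is actually read. */
int load_key(const char *path, unsigned char *buf, size_t cap) {
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        (st.st_mode & (S_IRWXG | S_IRWXO)) || st.st_size <= 0 ||
        (size_t)st.st_size > cap) { close(fd); return -1; }
    size_t want = (size_t)st.st_size, got = 0;
    ssize_t r;
    while (got < want && (r = read(fd, buf + got, want - got)) > 0)
        got += (size_t)r;
    close(fd);
    if (got != want) { wipe(buf, cap); return -1; }  /* short read */
    if (buf[got - 1] == '\n') got--;                 /* drop trailing newline */
    return got ? (int)got : -1;
}

#ifdef WITH_SQLCIPHER /* hypothetical flag; also needs -DSQLITE_HAS_CODEC */
#include <sqlite3.h>
int open_encrypted(const char *db_path, const char *key_path, sqlite3 **db) {
    unsigned char key[256];
    int n = load_key(key_path, key, sizeof key);
    if (n < 0) return SQLITE_ERROR;
    int rc = sqlite3_open(db_path, db);
    if (rc == SQLITE_OK) rc = sqlite3_key(*db, key, n);
    wipe(key, sizeof key); /* do not leave the key on the stack */
    return rc;
}
#endif

int main(int argc, char **argv) { /* usage: ./a.out <key-file> */
    unsigned char key[256];
    int n = argc > 1 ? load_key(argv[1], key, sizeof key) : -1;
    puts(n < 0 ? "key file rejected" : "key file accepted");
    wipe(key, sizeof key);
    return n < 0;
}
```

A key file protects the key only as far as the file system's access control does; where the platform offers a keystore or a user-entered passphrase, the same `load_key` slot can be filled from that source instead.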