The SQLite Encryption Extension (SEE)


The SQLite Encryption Extension (SEE) is an add-on to the public domain version of SQLite that allows an application to read and write encrypted database files. Four different encryption algorithms are supported:

SEE is a drop-in replacement for public-domain SQLite. An SEE-enhanced SQLite library can read and write ordinary unencrypted database files created by a public-domain SQLite in addition to reading and writing encrypted database files. In fact, an application can use the ATTACH command of SQLite to simultaneously talk to two or more databases, some of which are encrypted and others not. Each database file can have its own encryption key.

SEE encrypts the entire database file - both data and metadata. To an outside observer, an encrypted SQLite database file appears to be white noise. Both the database file itself and its rollback journal are encrypted.
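A deployment check based on the paragraph above, as an added example that is not part of SEE or of this page: a file that still begins with the standard 16-byte SQLite header string was written unencrypted. The function names, the constructed sample pages and the byte-variety threshold are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Every unencrypted SQLite 3 file begins with these 16 bytes (15 chars + NUL). */
static const char SQLITE_MAGIC[16] = "SQLite format 3";

enum db_verdict { DB_PLAINTEXT, DB_LOW_VARIETY, DB_NOISE_LIKE };

/* Classify the leading bytes of a database file. Heuristic only: it can show
   that a file is NOT encrypted, never that the encryption is sound. */
enum db_verdict classify_first_page(const unsigned char *buf, size_t n)
{
    unsigned char seen[256] = {0};
    size_t i, distinct = 0;

    if (n >= sizeof SQLITE_MAGIC && memcmp(buf, SQLITE_MAGIC, sizeof SQLITE_MAGIC) == 0)
        return DB_PLAINTEXT;
    for (i = 0; i < n; i++)
        if (!seen[buf[i]]) { seen[buf[i]] = 1; distinct++; }
    /* Assumed threshold: 1 KiB or more of noise contains nearly all 256 byte values. */
    return (n >= 1024 && distinct >= 240) ? DB_NOISE_LIKE : DB_LOW_VARIETY;
}

/* Constructed sample: plaintext header followed by zero padding. */
void make_plain_page(unsigned char *buf, size_t n)
{
    memset(buf, 0, n);
    memcpy(buf, SQLITE_MAGIC, sizeof SQLITE_MAGIC);
}

/* Constructed sample: xorshift32 output standing in for ciphertext. */
void make_noise_page(unsigned char *buf, size_t n)
{
    uint32_t x = 2463534242u;
    size_t i;
    for (i = 0; i < n; i++) {
        x ^= x << 13; x ^= x >> 17; x ^= x << 5;
        buf[i] = (unsigned char)(x >> 16);
    }
}

int main(void)
{
    unsigned char page[4096];
    make_plain_page(page, sizeof page);
    printf("plain sample -> %d\n", classify_first_page(page, sizeof page));
    make_noise_page(page, sizeof page);
    printf("noise sample -> %d\n", classify_first_page(page, sizeof page));
    return 0;
}
```

In a release pipeline, feed the first page of each shipped database file to the classifier and fail the build on DB_PLAINTEXT.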

Usage

After opening a new database file (and before doing anything else) the application activates SEE by issuing one of the following pragmas:

PRAGMA key=text-key;
PRAGMA hexkey=hexadecimal-key;

The encryption key is the same in either case. The hexkey pragma merely makes it easier to support binary key material. The encryption key can also be set using C-language APIs instead of PRAGMA statements, if desired.
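Why the hexkey form suits binary key material, as an added example that is not SEE source code: PRAGMA arguments cannot be bound parameters, so the key travels inside the SQL text, and hex digits need no escaping even when the key contains a NUL byte or a quote. It assumes the value is written as a single-quoted literal and that a text key's bytes are used as they are; `build_hexkey_pragma` and both sample keys are made up for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Format key[0..n) as "PRAGMA hexkey='<hex digits>';" in out.
   Returns 0 on success, -1 if the key is empty or out is too small. */
int build_hexkey_pragma(const unsigned char *key, size_t n, char *out, size_t outsz)
{
    static const char digits[] = "0123456789abcdef";
    static const char head[] = "PRAGMA hexkey='";
    size_t i, pos = sizeof head - 1;

    /* Room needed: head + 2 hex digits per byte + "';" + NUL (overflow-safe test). */
    if (n == 0 || outsz < pos + 3 || n > (outsz - pos - 3) / 2)
        return -1;
    memcpy(out, head, pos);
    for (i = 0; i < n; i++) {
        out[pos++] = digits[key[i] >> 4];
        out[pos++] = digits[key[i] & 0x0f];
    }
    out[pos++] = '\'';
    out[pos++] = ';';
    out[pos] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed keys: one printable, one with NUL, quote and semicolon bytes
       that could not be written safely as a text key. */
    const unsigned char text_key[] = "demo-key";
    const unsigned char raw_key[] = { 0x00, 0x27, 0xff, 0x3b };
    char sql[64];

    if (build_hexkey_pragma(text_key, sizeof text_key - 1, sql, sizeof sql) == 0)
        printf("%s\n", sql);   /* same key bytes as PRAGMA key='demo-key'; */
    if (build_hexkey_pragma(raw_key, sizeof raw_key, sql, sizeof sql) == 0)
        printf("%s\n", sql);
    memset(sql, 0, sizeof sql); /* do not leave key text in a reusable buffer */
    return 0;
}
```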

The encryption key can be changed at any time using similar "rekey" and "hexrekey" pragma statements or another C-language API. Changing the encryption key involves reading and writing the entire database file.

All other interfaces to SQLite continue to work exactly the same in SEE as they do in public-domain SQLite. SEE is a drop-in replacement for public-domain SQLite that simply adds the new encryption interfaces.

Deliverables

The SEE is shipped as source code. You are responsible for compiling it yourself. But SEE is written entirely in uncomplicated ANSI-C code. If you are able to compile the public domain SQLite, then you should have no difficulty compiling the SEE.

Public-domain SQLite is normally delivered as a single large source-code file named "sqlite3.c". SEE is delivered the same way - as a single large source code file. The SEE source code file is often given a different name, to avoid confusing it with public-domain SQLite, but you can also call it "sqlite3.c" if you desire. In that case, in order to add SEE to your application, all you need to do is to replace the public-domain "sqlite3.c" source file with the SEE-enabled "sqlite3.c" source file and recompile. (You'll also need to add a new compile-time option, -DSQLITE_HAS_CODEC, to enable the encryption logic.) The added SEE logic makes no operating system calls nor calls to external library routines, so if your build works with public-domain SQLite, it is certain to also work with SEE.

The SEE source code also includes an enhanced version of the SQLite Command-Line Interface (CLI) that supports SEE with additional command-line options, "-key" and "-hexkey", that are used to specify the encryption key.

After you purchase a license to use SEE, we will email you a username and password that lets you access the on-line configuration management system for SEE. You will be able to log on whenever you want to download the latest source code and documentation for SEE. Your password will never expire, so you can log in again in the future, as often as you like, to download updates and enhancements to SEE.

License

The SEE is licensed software. Here is a copy of a sample license agreement. Your license is perpetual. You can ship as many compiled, binary copies of SQLite with your commercial product as you like, as long as each copy is attached to your product in such a way that it cannot be separated from your product. Normally this means that you should statically link SEE with your product, though exceptions to this rule can be made as circumstances require. There are no per-copy royalties or fees and there are no license renewals.

Your SEE license is valid for multiple products as long as all products are developed and maintained by a single team. For the purposes of this paragraph a "team" is a group of people who work together and all know each other's names. For smaller organizations, an entire company is usually considered a single team. However, for larger firms, we may ask that different project teams each acquire their own separate license.

The cost of a perpetual source code license for SEE is US $2000. You can order on-line or send email to sqlite@hwaci.com or call during east-coast business hours: +1.704.948.4565.

Support

The base price of SEE does not include support. We will answer a few simple questions to help you get started, and we will fix any bugs you find within 90 days of purchase. But for help beyond this, we ask that you obtain an Annual Maintenance Subscription for SQLite. An Annual Maintenance Subscription entitles you to support for both SEE and for the public-domain SQLite code.

Higher levels of support are available on a negotiated basis. Baseline support packages include Technical Support Agreements and SQLite Consortium Membership. Consortium membership is the highest level of support offered. The US $2000 SEE license fee is waived for Consortium members.

Additional Information

If you have other questions about SQLite, please contact us directly at sqlite@hwaci.com or by phone at +1.704.948.4565 during east-coast business hours.