SQLite Database Encryption (2)

I am having some local SQLite databases for keeping app-config-data and consider having these as encrypted databases. Currently Xojo is using Dr Hipp for encryption and so far I did not manage to open any Xojo-encrypted database with Navicat and visa verse.
Not a big deal since it works fine with Xojo and you add encryption once you’re sure everything works fine.
But what about the choice for Dr. Hipp ? Will Xojo stay with this guy and so guarantee that we will be able to open/use old encrypted databases in future versions ?
Anyway, I guess it will be a good idea to store unencrypted versions with the source-code branches and build an application to decrypt database-files I might get back from the customer.

You could petition Navicat to add Dr. Hipp’s encryption to their tool.

I will put a ticket at Navicat for that Greg , but my question was: will Xojo stay with Dr Hipp forever in order to be able to open our encrypted databases with future versions.

The license from Dr Hipp is a perpetual license so I can’t imagine why we could change our usage of it

Fine ! Thanks Norman.

FYI its this

I just read Dr. Hipp personal homepage. It feels like I know him for years already.

I have navigate too but I have not used DB encryption ever am I will need encryption in a test I’m currently sketching. What DB software do you recommend for using Xojo databases? In my case is OSX only. (Sorry, a bit off-topic)

based on the link Norman provided above, this extension provides 4 methods

  • RC4
  • AES-128 in OFB mode
  • AES-128 in CCM mode
    *AES-256 in OFB mode

if seems that Xojo uses AES-128 in OFB mode by default (is that correct?)

can any of the other 3 be used in Xojo by prefixing the method to the key?

SQLiteManager handles this kind of encryption. That’s what I use.

Find it here:


Tadpole handles it better (but then I am a bit biased)


there are numerous encryption libraries for sqlite
Xojo uses the one that comes directly from Dr Hipp
In order to read such a db you have to be using that same encryption code

[quote=189556:@Norman Palardy]FYI its this
you inferred that this was the extension that XOJO implemented
hence my question

Exactly as I said this IS the encryption code we use
Not inferred in any way
Xojo/REAL paid the license and use that code

What I dont recall is whether you can specify different key types easily (ie/ like in the attach)

Which IS my question… there are four encyption methods in that webpage…
If this is the code Xojo uses, does the underlying SQLite engine allow for the encryption method to be pre-pended to the key if one where to user “PRAGMA KEY” or “PRAGMA REKEY” (or as part of the string to Xojo own methods)

the pragma and attach sql command definitely dont seem to have a means to specify what kind of key it is

and from a quick look over the source code it looks like the selection of encryption type is compiled right in and so it doesn’t appear to be possible, with Xojo’s sqlite database, to say the key is anything other than AES 128 OFB

there may be a way to compile things to allow more than one and to, at runtime, select one - but that doesn’t appear to be how we currently compile things

MBS SQL Plugin also supports SQLite encryption and can work in all supported modes.

That was not the question

As for other encryption methods like SQLcipher, you can use that also with my plugin.

For Dave’s question: in my plugin you can prefix key with name of encryption mode and maybe same way works with Xojo’s class. Maybe worth checking…

Lather rinse & repeat