tags:

views:

2656

answers:

4
+3  Q: 

Encrypt SQLite database in C#

What is the best approach to encrypting a SQLite database file in .Net/C#? I'm using sqlite-dotnet2 wrapper.

There are tools like SQLite Encryption Extension and SQLite Crypt, but both are non-free, while my project is under GPL.

The naive approach I thought of using was to let SQLite handle a temporary file, then to encrypt it on program exit, and overwrite (zero-out) the original. The obvious drawback is that if program crashes (and while it is running), the plain text DB is accessible.

Is there a better way to approach this? Can I pass an encrypted stream to the wrapper (instead of using SQLiteConnection.CreateFile) ?

[edit] Maybe I am overthinking this. Is is sufficient to use Password option in the connection string? Would the file be encrypted properly in that case (or is it some weaker protection)?

+4  A: 

I recommend using the System.Data.Sqlite wrapper, which includes encryption. It works great, it's easy to use, and it's a complete ADO.Net implementation. You can get the wrapper from http://sqlite.phxsoftware.com/, and the developer describes how to use the encryption on his forum at: http://sqlite.phxsoftware.com/forums/t/130.aspx. Hint - you just set the password property. He also describes how he does the encryption using the Microsoft Crypto API elsewhere in the forum.

ebpower  2009-08-11 17:13:03
A: 

This method is not specific to SQLite per se but is a general file encryption suggestion.

(1) Use TrueCrypt (free/opensource) to create an encrypted wrapper file. This file should be larger than the expected max size of your database.

(2) When you mount this file, it will appear as a logical hard drive in you machine.

(3) Keep your sqlite databases in this logical hard drive.

Mount the drive before you are accessing your database via either odbc/jdbc or any other method.

The advantage of doing this is: Even if someone has access to your database password, they can't access the file since it is encrypted. They will need your Truecrypt password to open it.

hashable  2009-08-11 17:36:44
This is a useful suggestion for a user or admin. However, it is not as helpful when including the encryption feature in a program.
dbkk  2009-10-01 03:46:19
+1  A: 

I would try http://code.google.com/p/csharp-sqlite/, it's rewrite of sqlite 3.6.16 in C#, under MIT License. I supose it will be easy to tweak it.

Yakeen  2009-08-11 22:26:59
+2  A: 

Take a look at:

http://zetetic.net/software/sqlcipher

It is open source.

You can chek also the code for the wxsqlite3.

Krog  2009-10-06 05:35:18

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?