Dependency-free AES encryption for SQLite3 in a single ANSI C header file

bzt 1588e70199 Initial commit 6 éve
LICENSE 7f61ea6f48 Initial commit 6 éve
README.md 7f61ea6f48 Initial commit 6 éve
sqlite3aes.h 1588e70199 Initial commit 6 éve
test.c 7f61ea6f48 Initial commit 6 éve

README.md

SQLite3 AES C Header

This is a free, Open Source drop-in replacement for the proprietary SQLite3 SEE. This is a single, portable ANSI C99 header file without any cryptographic dependencies at all (no OpenSSL needed!).

As taking the minimalistic approach, it does not support entire database encryption / decryption, only encrypted database creation and operation. Also for reduced code size and simplicity, it only supports SHA-256 hash and AES-256-CBC cipher (both are strong enough). Therefore you can't open a database encrypted with SEE in sqlite3aes and vice versa, the compatibility is at C API level.

Usage

First of all, you'll need a standard, public SQLite3 amalgamation, sqlite3.c and sqlite3.h. Then in exactly one of your source files, do:

#define SQLITE3AES_SALT "SomethingUniqueToYourApplication"
#include "sqlite3aes.h"

This will include the implementation, with all of the sqlite3 stuff too (over 7Mbyte). If you prefer OpenSSL's libcrypto over the well-prooven and super-fast sqlite3aes version, you just have to include the OpenSSL headers first:

#include <openssl/sha.h>
#include <openssl/aes.h>

#define SQLITE3AES_SALT "SomethingUniqueToYourApplication"
#include "sqlite3aes.h"

In the source file where you want to open the database, do as you would with SQLite3 SEE:

#include "sqlite3aes.h"

sqlite3* opendb(char *dbfile)
{
    sqlite3 *db;
    char *password = "your very secret password";

    /* open the database */
    sqlite3_open(dbfile, &db);

    /* set up encryption */
    sqlite3_key_v2(db, NULL, password, strlen(password));

    return db;
}

That's it, no additional libraries required when linking.

License

Distibuted under the MIT license, you are free to use.

Author

bzt (bztsrc@gitlab), AES code originally taken from OpenSSL, but optimized a lot.