Encrypting SQLite


You don't need to hack the DB format or the SQLite source code. SQLite exposes a virtual file-system (VFS) API, which can be used to wrap the file system (or another VFS) with an encryption layer that encrypts/decrypts pages on the fly. When I did that, it turned out to be a very simple task, just a hundred lines of code or so. This way the whole DB will be encrypted, including the journal file, and it is completely transparent to any client code. With a typical page size of 1024, almost any known block cipher can be used. From what I can conclude from their docs, this is exactly what SQLCipher does.

Regarding the 'problems' you see:

  • You don't need to reimplement file system support; you can wrap around the default VFS. So no problems with locks or platform dependence.
  • SQLite's default OS backend is also a VFS; there is no overhead for using a VFS except what you add.
  • You don't need a block cache. Of course you will have to read the whole block when it asks for just 4 bytes, but don't cache it; it will never be read again. SQLite has its own cache to prevent that (the Pager module).
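
The page-wise layer described in this answer, as an added Python example (not the answerer's code and not SQLite's VFS API): a wrapper that serves plaintext at any offset while only whole encrypted pages reach the underlying file. `PageCryptFile`, `xor_stream` and the per-page nonce slot are hypothetical, and the HMAC-SHA256 keystream is a stand-in for a real block cipher that provides no integrity protection.

```python
import hashlib, hmac, os

PAGE, NONCE = 1024, 16   # page size from the answer; nonce size is an assumption
SLOT = NONCE + PAGE      # on-disk slot = fresh nonce + encrypted page

def xor_stream(key, nonce, data):
    # Stand-in cipher (assumption): HMAC-SHA256 keystream, no authentication.
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))

class PageCryptFile:
    """Hypothetical wrapper: callers read/write plaintext at any offset."""
    def __init__(self, raw, key):
        self.raw, self.key, self.page_reads = raw, key, 0

    def _load(self, pgno):
        self.raw.seek(pgno * SLOT)
        slot = self.raw.read(SLOT)
        self.page_reads += 1
        if len(slot) < SLOT or not any(slot):   # never written: reads as zeros
            return bytes(PAGE)
        return xor_stream(self.key, slot[:NONCE], slot[NONCE:])

    def _store(self, pgno, plain):
        nonce = os.urandom(NONCE)               # fresh per write: no keystream reuse
        self.raw.seek(pgno * SLOT)
        self.raw.write(nonce + xor_stream(self.key, nonce, plain))

    def read(self, offset, n):
        out = bytearray()
        while n > 0:
            pgno, start = divmod(offset, PAGE)
            chunk = self._load(pgno)[start:start + n]  # whole page decrypted, slice kept
            out += chunk
            offset, n = offset + len(chunk), n - len(chunk)
        return bytes(out)

    def write(self, offset, data):
        while data:
            pgno, start = divmod(offset, PAGE)
            take = min(len(data), PAGE - start)
            page = bytearray(self._load(pgno))  # partial write = read-modify-write
            page[start:start + take] = data[:take]
            self._store(pgno, bytes(page))
            offset, data = offset + take, data[take:]
```

The `page_reads` counter makes the cost from the last bullet visible: a 4-byte read still decrypts one full page.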


Didn't get much response, so here is my decision:

  • Own encryption (AES128), CBC mode
  • Codec interface (same as used by SQLCipher or System.Data.SQLite)
  • DB header unencrypted
  • Page headers unencrypted as well and used for IV generation
  • Using amalgamation SQLite distribution

AFAIK this solution should be better than either SQLCipher or System.Data.SQLite.