What does HackerNews think of sqlcipher?
SQLCipher is a standalone fork of SQLite that adds 256 bit AES encryption of database files and other security features.
Local-only iOS+macOS Codebook sync (open-source encrypted! by SQLCipher) provides password and TOTP convenience, durability, transparency, decentralization and fewer supply chain dependencies with one-time purchase. Founded in 2005.
SQLite's amazing too though, when you don't need concurrency (and most websites don't really -- especially the ones that should be scaling vertically instead of horizontally).
Anyway here's some cool SQLite stuff:
- https://github.com/CanonicalLtd/dqlite
- https://github.com/rqlite/rqlite
- https://datasette.readthedocs.io/en/stable/
- https://www.sqlite.org/rtree.html
- https://github.com/sqlcipher/sqlcipher
- https://github.com/benbjohnson/litestream
- https://github.com/aergoio/aergolite
- https://sqlite.org/lang_with.html#rcex3
- https://github.com/sql-js/sql.js
- https://www.gaia-gis.it/fossil/libspatialite/index
- https://github.com/h3rald/litestore
- https://github.com/adamlouis/squirrelbyte
- https://github.com/chunky/sqlite3todot
Not sure how reliable and resilient SQLCipher is but that might (significantly?) increase the risk for a bug/corruption to occur. And the encryption certainly makes the analysis more difficult (while, at least on GNU/Linux, I don't see any advantage as the encryption key is stored unencrypted in ~/.config/Signal/config.json - not sure if other Desktop platforms support secure keystores like on Android and iOS). I briefly tried to analyze my corrupted DB but quickly gave up as I'm not familiar with SQLCipher and basically only got a generic "Error: file is not a database" error message when trying to decrypt it (and there's no plaintext header IIRC so it looks just like random data).
I also had multiple backups of the SQLCipher DB that I could successfully access manually but I was unable to use them for Signal-Desktop (not sure if this was due to some other Electron DBs/state, the stateful Signal protocol, or something else - IIRC the only hint was the "Database startup error: Error: SQLITE_NOTADB: file is not a database" message that didn't really help much).
https://www.sqlite.org/see/doc/release/www/index.wiki
There are third party encryption approaches for SQLite. One of the most popular is SQLCipher:
https://github.com/sqlcipher/sqlcipher/
Those two don't have compatible file formats. eg no interoperability
Not sure if any others do, but yeah it would be handy if there are.