Self-contained Go sqlite3 driver with an AES-256 encrypted sqlite3 database conforming to the built-in database/sql interface. It is based on:
SQLite itself is part of SQLCipher.
The version tags of go-sqlcipher are the same as for SQLCipher.
SQLCipher 4.x is incompatible with SQLCipher 3.x!
go-sqlcipher does not implement any migration strategies at the moment. So if you upgrade a major version of go-sqlcipher, you yourself are responsible to upgrade existing database files.
See migrating databases for details.
To upgrade your Go code to the 4.x series, change the import path to
"github.com/mutecomm/go-sqlcipher/v4"
This package can be installed with the go get command:
go get github.com/mutecomm/go-sqlcipher
To create and open encrypted database files use the following DSN parameters:
key := "2DD29CA851E7B56E4697B0E1F08507293D761A05CE4D1B628663F411A8086D99"
dbname := fmt.Sprintf("db?_pragma_key=x'%s'&_pragma_cipher_page_size=4096", key)
db, _ := sql.Open("sqlite3", dbname)
_pragma_key
is the hex encoded 32 byte key (must be 64 characters long).
_pragma_cipher_page_size
is the page size of the encrypted database (set if
you want a different value than the default size).
key := url.QueryEscape("secret")
dbname := fmt.Sprintf("db?_pragma_key=%s&_pragma_cipher_page_size=4096", key)
db, _ := sql.Open("sqlite3", dbname)
This uses a passphrase directly as _pragma_key
with the key derivation function in
SQLCipher. Do not forget the url.QueryEscape()
call in your code!
See also PRAGMA key.
API documentation can be found here: http://godoc.org/github.com/mutecomm/go-sqlcipher
Use the function sqlite3.IsEncrypted() to check whether a database file is encrypted or not.
Examples can be found under the ./_example
directory
The code of the originating packages is covered by their respective licenses. See LICENSE file for details.