It's not yet possible to add encryption to an existing database, or to change or remove the key afterwards.
sqlite3_exec([db sqliteHandle], [[[NSString alloc] initWithFormat:@"attach database '%@' as encrypted key '%@';", escapedPath, escapedKey] UTF8String], NULL, NULL, NULL);
rc = sqlite3_exec([db sqliteHandle], [@"SELECT sqlcipher_export('encrypted');" UTF8String], NULL, NULL, NULL);
rc = sqlite3_exec([db sqliteHandle], [[[NSString alloc] initWithFormat:@"attach database '%@' as plain key '';", escapedPath] UTF8String], NULL, NULL, NULL);
rc = sqlite3_exec([db sqliteHandle], [@"SELECT sqlcipher_export('plain');" UTF8String], NULL, NULL, NULL);
int rc = sqlite3_rekey(_db, [keyData bytes], (int)[keyData length]);
On Jun 29, 2015, at 5:42 PM, Brendan Duddridge <bren...@gmail.com> wrote:Do you think this will be possible anytime soon? SQLCipher has a migration system built-in to migrate an unencrypted database to an encrypted database. It's quite straight forward actually:
If it won't be implemented in CouchbaseLite, do you think it would be ok to just hit the sqlite file outside of CouchbaseLite and do it myself? Obviously closing the database from CBLManager first before doing that.
If there are attachments, those files will have to be encrypted too. Each attachment file gets encrypted with an AES-256 key derived from the passphrase. You can see the details in the source file CBL_BlobStore.m.