SQLiteTDE - A Page Encrypted SQLite Library
P6R's SQLiteTDE library provides page encryption using authenticated encryption with associated data (AEAD) algorithms to secure the database and its data.
  • Royalty Free License
  • Available for Windows™ | Linux™ | Linux™ ARM (with source license)
Please contact our sales team if you have any questions.
P6R's SQLiteTDE library provides page encryption using 256-bit authenticated encryption with associated data (AEAD) algorithms (AES-GCM or ChaCha20Poly1305) to secure a SQLite database and its data.
SQLiteTDE is an extension to the SQLite database that encrypts/decrypts each page as it is read or written by the database, providing Transparent Data Encryption (TDE) functionality for SQLite databases. The entire database is read and written using this mechanism. A simple C API is provided to manage encryption.
  • Uses Best Practice Encryption Algorithms (AEAD).
  • Standards-Based AES-GCM 256 or ChaCha20Poly1305 256 Ciphers.
  • Standard C Interface.
  • All Database Data Is Encrypted.
  • Single Key Encryption and Authentication.
  • Encryption Provided by Peer Reviewed OpenSSL Library.
  • Windows and Linux Support.

Simple API

P6R's SQLiteTDE provides a very simple and easy to use API that enables you to set an encryption key for a corresponding database instance. The code change is minimal: you only need to add a single line of code. Encryption is completely transparent to the application, and there is no need to add PRAGMA statements. For example:

   /* Open a sqlite database instance */
   rc = sqlite3_open_v2(szDB, &db, (SQLITE_OPEN_READWRITE | SQLITE_OPEN_FULLMUTEX), NULL);

   /* Set the page encryption key */
   rc = sqlite3_p6r_setkeys(db, szDB, key, cKey, flags);

   /* Use the database, finalize any statements, and close it when you are done */
   rc = sqlite3_prepare_v2(db, "SELECT * FROM some_table;", -1, &pStmt, 0);
   rc = sqlite3_finalize(pStmt);   /* sqlite3_close() returns SQLITE_BUSY if statements are left unfinalized */
   rc = sqlite3_close(db);

You manage and store the key, enabling you to use hardware (e.g., HSM, KMIP Server, Token, etc.) or software (e.g., OpenSSL, some other crypto library) to generate and manage the key securely.

Security

P6R's SQLiteTDE uses 256-bit AES-GCM or ChaCha20Poly1305 ciphers to perform encryption operations. The ciphers themselves are provided by your operating system's OpenSSL, which has gone through extensive peer review. Each page is encrypted using a unique IV, and the IV is generated using OpenSSL's cryptographically secure random number generator.
Using AEAD ciphers like AES-GCM and ChaCha20Poly1305 enables us, for each page, to check the integrity and the authenticity of both the plaintext and the ciphertext as well as ensure confidentiality of the ciphertext. AEAD binds the associated data (AD) plaintext to the ciphertext and to the context where it is supposed to appear, preventing cut 'n' paste attacks. OpenSSL provides this implementation, which makes it much more secure than a home-grown solution that would not receive the same level of peer review.
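
The page does not state what SQLiteTDE uses as associated data or how a sealed page is laid out on disk, so the following added example (not P6R's code) assumes the page number as AD and a nonce || ciphertext || tag layout. It uses AES-256-GCM from Python's `cryptography` package, with constructed page contents, to show why a sealed page copied into another slot, or altered by a single bit, fails authentication.

```python
import os
import struct
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12   # 96-bit nonce, the standard size for AES-GCM
PAGE_SIZE = 4096  # constructed page size for this example


def seal_page(key: bytes, pgno: int, plaintext: bytes) -> bytes:
    """Encrypt one page; returns nonce || ciphertext || 16-byte tag."""
    nonce = os.urandom(NONCE_LEN)    # fresh random nonce on every write
    ad = struct.pack(">I", pgno)     # assumption: AD is the page number
    return nonce + AESGCM(key).encrypt(nonce, plaintext, ad)


def open_page(key: bytes, pgno: int, blob: bytes) -> bytes:
    """Decrypt the blob read from slot pgno; raises InvalidTag on mismatch."""
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return AESGCM(key).decrypt(nonce, body, struct.pack(">I", pgno))


def rejected(key: bytes, pgno: int, blob: bytes) -> bool:
    """True if the blob fails authentication when read as page pgno."""
    try:
        open_page(key, pgno, blob)
        return False
    except InvalidTag:
        return True


def demo() -> dict:
    key = AESGCM.generate_key(bit_length=256)
    page1 = b"constructed page 1: account balances".ljust(PAGE_SIZE, b"\0")
    page2 = b"constructed page 2: audit log".ljust(PAGE_SIZE, b"\0")
    store = {1: seal_page(key, 1, page1), 2: seal_page(key, 2, page2)}
    flipped = bytearray(store[1])
    flipped[100] ^= 0x01             # single-bit change inside the ciphertext
    other_key = AESGCM.generate_key(bit_length=256)
    return {
        "round_trip": open_page(key, 1, store[1]) == page1,
        "moved_page_rejected": rejected(key, 1, store[2]),  # page 2 in slot 1
        "bit_flip_rejected": rejected(key, 1, bytes(flipped)),
        "wrong_key_rejected": rejected(other_key, 1, store[1]),
        "rewrite_differs": seal_page(key, 1, page1) != store[1],
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Each sealed page is 28 bytes larger than its plaintext (12-byte nonce plus 16-byte tag), so a page-level scheme has to reserve that space somewhere in its on-disk format.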

Supported Platforms

SQLiteTDE™ is currently supported on the following platforms:

  • Windows 10 (32bit/64bit), Windows Server 2016+ (32bit/64bit)
  • Linux x86 Kernel 2.6+ (32bit/64bit)
  • Linux ARM Kernel 2.6+ (32bit/64bit) (with source license)

Licensing and Upgrades


Our "Develop Anywhere / Deploy Anywhere"™ License Highlights

  • Per-product license, no per developer costs.
  • Royalty free. The library can be linked into your product and redistributed royalty free on any supported platforms.
  • One license covers all platforms. No need to purchase a license for each platform.
  • Site licenses are also available.
  • Contact Sales for licensing options.
Our products and licenses are designed to enable you to develop, test and deploy your solutions on any platform or platforms (that we support) without per-seat or per-platform restrictions.