Step‑by‑step HowTo • Windows 10/11

Encrypt and Decrypt with SQLCipher in DB Browser

Learn safe, repeatable workflows to create a new encrypted database, convert an existing one, rotate passphrases (rekey), and export a plain copy when necessary — all using DB Browser with SQLCipher support.

Get the portable build Encryption Basics Open an Encrypted DB

Create a new encrypted database

  1. Open DB Browser and choose New Database.
  2. Select encryption with SQLCipher when prompted and enter a strong passphrase.
  3. Set or confirm cipher options (page size, KDF iterations) if available.
  4. Create your tables and start importing data as needed.
Need a refresher on parameters? Read SQLCipher basics and Performance tips.

Encrypt an existing unencrypted database

Use the built‑in encryption tool to convert a plain SQLite database into a SQLCipher‑encrypted one. Always work on a backup first.

  1. Back up the original database file.
  2. Open the unencrypted database in DB Browser.
  3. Start the Encrypt/Set Encryption action and choose SQLCipher.
  4. Enter a strong passphrase and confirm cipher settings.
  5. Save and reopen the file to verify successful encryption.
If you cannot reopen the file, confirm passphrase correctness and that the iteration count and page size are set as intended.

More help: Open an encrypted DBFix “wrong key”Troubleshooting hub.

Change passphrase (rekey)

Rekeying rotates the passphrase and derives new keys. Schedule this for routine credential hygiene and after potential exposure. Back up before you begin.

  1. Open the encrypted database and provide the current passphrase.
  2. Run the Change Passphrase/Rekey action.
  3. Enter and confirm the new passphrase.
  4. Reopen the database to validate the change.
After rekeying, verify that other environments (apps, services) are updated with the new credentials.

Decrypt to a plain SQLite copy

For interoperability or temporary processing, you may need a non‑encrypted copy. Export a plain copy and handle it with extra care.

  1. Open the encrypted database with the correct passphrase.
  2. Use the Export/Save As (plain) workflow to produce an unencrypted file.
  3. Verify the output by reopening the plain copy.
Plain copies must be protected. Store them securely, scrub sensitive data when possible, and remove temporary files after use.

Next steps

Page last modified: --
|
Canonical: https://db-browser.github.io/encrypt-decrypt-sqlcipher.html