Encryption basics • Compatibility • Performance

SQLCipher in DB Browser — Encryption Basics

Learn how SQLCipher encryption works in DB Browser, which parameters influence compatibility and performance, and what defaults to choose for secure, predictable results on Windows.

Get the portable build Open an encrypted DB

Fundamentals of SQLCipher encryption

SQLCipher extends SQLite with transparent AES‑256 encryption. A user‑provided passphrase is transformed into encryption keys using a key derivation function (KDF) with a salt and iterations. The database file is encrypted page by page and includes integrity protection.

Use strong, unique passphrases. Store them in a trusted password manager. Never hardcode or share passphrases in plaintext.

Passphrase → Key: Derived via KDF with salt and iterations.
Page size: Common values influence file layout and performance.
Integrity: Built‑in mechanisms help detect tampering and corruption.

Compatibility: what must match

When opening an existing encrypted database, the reader must know or match the original encryption parameters. Mismatches typically lead to “wrong key” or “file is not a database”.

KDF iterations: Higher counts are stronger but slower. Match the value used to create the database.
Page size: Must be consistent between creation and reading environments.
HMAC / cipher settings: Ensure the same integrity options and cipher configuration.

If you cannot open a database, first verify passphrase correctness, then confirm KDF iterations and page size used at creation time. Consult the original environment’s settings where possible.

Need a walkthrough? See Open an encrypted DB and Fix “wrong key”.

Recommended defaults

Choose defaults that balance security and performance for your hardware and data sensitivity. Use modern iteration counts and keep them consistent across all environments that will access the database.

Use a long, unique passphrase with sufficient entropy.
Select a page size compatible with your ecosystem and needs.
Adopt robust KDF iteration counts appropriate for modern machines.
Document chosen parameters for future maintenance and sharing.

For migration guidance, visit Migrate to SQLCipher. For operational hygiene, read Security best practices.

Performance considerations

Encryption adds overhead. Reasonable defaults and a few operational practices help keep performance acceptable.

Avoid unnecessary re‑keying operations on large databases.
Batch write operations where possible to reduce overhead.
Choose iteration counts that your target machines can handle comfortably.
Test import/export workflows with realistic data volumes.

See Performance tips for more guidance.

Common pitfalls and how to avoid them

Wrong iteration count: Keep records of the value used at creation time.
Mismatched page size: Ensure the same page size across environments.
Weak passphrases: Use a password manager and avoid reuse.
Untracked changes: Document and standardize parameters in team environments.

Trouble opening a DB? Start with Fix “wrong key” or visit the Troubleshooting hub.

Next steps

Page last modified: --

Canonical: https://db-browser.github.io/sqlcipher.html