SQLCipher
Also known as: SQLite encryption, encrypted SQLite, transparent database encryption, at-rest database encryption
SQLCipher is an open-source fork of SQLite that transparently encrypts the entire database file with 256-bit AES. Applications read and write SQL normally while every page is encrypted on disk and decrypted only in memory. It derives the key from a passphrase using PBKDF2 and authenticates each page with HMAC, making it a standard tool for at-rest encryption on mobile and desktop apps.
SQLCipher solves a specific problem: ordinary SQLite writes your data to disk in plaintext, so anyone who copies the .db file reads everything. SQLCipher, a fork maintained by Zetetic, encrypts the file at the page level so the on-disk bytes are ciphertext, while your application still issues normal SQL and sees normal rows. The encryption is transparent — the app code barely changes; you just supply a key when you open the database.
Under the hood, SQLCipher uses 256-bit AES in CBC mode for confidentiality and attaches an HMAC-SHA512 to each page for integrity, so tampering with the ciphertext is detected rather than silently decrypted into garbage. When you open the database with a passphrase, it derives the actual encryption key with PBKDF2-HMAC-SHA512 — 256,000 iterations by default in modern versions — over a random 16-byte per-database salt stored in the file header. That salt means two databases protected by the same password still get different keys, defeating precomputed rainbow tables.
This makes SQLCipher a workhorse of at-rest encryption. It is the same engine the Signal desktop and mobile clients use to protect their local message store, and it is widely deployed precisely because it gives developers strong, audited file encryption without rewriting their data layer.
How it works
Each database page is encrypted independently with AES-256-CBC using a random initialization vector, then an HMAC is computed over the ciphertext and IV and appended to the page. On read, SQLCipher verifies the HMAC before decrypting; a mismatch raises an error instead of returning corrupt or attacker-controlled data. The HMAC key is itself derived from the main encryption key via a separate PBKDF2 pass, keeping the two roles cryptographically distinct.
The master key can be supplied two ways: as a passphrase (run through PBKDF2 to stretch it) or as a raw key (provided directly, skipping derivation — useful when a higher-level KDF already produced the key). The first 16 bytes of the file are the random salt; the rest is fully encrypted, including the SQLite header, so the file is indistinguishable from random data without the key.
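The passphrase path and the verify-before-decrypt check described above, as an added Python example using only the standard library (not SQLCipher's or RVNT's own code). The AES step is left out and ciphertext is treated as opaque bytes. Assumptions not stated on this page: the 2-iteration HMAC-key pass, the 0x3a salt mask, and the little-endian page number in the HMAC input; all salts and page bytes are constructed.

```python
import hashlib
import hmac

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of an unencrypted SQLite file
KDF_ITER = 256_000                     # PBKDF2 default stated above
SALT_LEN = 16                          # per-database salt at the start of the file


def looks_plaintext(header: bytes) -> bool:
    """True when a file starts with the stock SQLite magic, i.e. it is not encrypted."""
    return header[:len(SQLITE_MAGIC)] == SQLITE_MAGIC


def derive_keys(passphrase: bytes, salt: bytes, iterations: int = KDF_ITER):
    """Stretch a passphrase into (encryption key, HMAC key), both 32 bytes."""
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be the 16 bytes from the file header")
    enc_key = hashlib.pbkdf2_hmac("sha512", passphrase, salt, iterations, dklen=32)
    # Assumption: the separate HMAC-key pass uses 2 iterations over the salt
    # with every byte XORed with 0x3a.
    mac_salt = bytes(b ^ 0x3A for b in salt)
    mac_key = hashlib.pbkdf2_hmac("sha512", enc_key, mac_salt, 2, dklen=32)
    return enc_key, mac_key


def page_tag(mac_key: bytes, ciphertext: bytes, iv: bytes, page_no: int) -> bytes:
    """HMAC-SHA512 over ciphertext and IV; binding the page number is an assumption."""
    msg = ciphertext + iv + page_no.to_bytes(4, "little")
    return hmac.new(mac_key, msg, hashlib.sha512).digest()


def verify_page(mac_key, ciphertext, iv, page_no, tag) -> bool:
    """Constant-time check that must pass before a page is decrypted."""
    return hmac.compare_digest(page_tag(mac_key, ciphertext, iv, page_no), tag)


if __name__ == "__main__":
    salt_a, salt_b = bytes(range(16)), bytes(range(16, 32))  # constructed salts
    enc_a, mac_a = derive_keys(b"correct horse", salt_a)
    enc_b, _ = derive_keys(b"correct horse", salt_b)
    print("same passphrase, different salt, same key?", enc_a == enc_b)
    ct, iv = b"\xaa" * 64, b"\x01" * 16                      # constructed page bytes
    tag = page_tag(mac_a, ct, iv, 1)
    print("intact page verifies:", verify_page(mac_a, ct, iv, 1, tag))
    flipped = bytes([ct[0] ^ 1]) + ct[1:]
    print("tampered page verifies:", verify_page(mac_a, flipped, iv, 1, tag))
    print("plaintext header detected:", looks_plaintext(SQLITE_MAGIC + b"\x10\x00"))
```

`looks_plaintext` is the quick check a reviewer can run on the first 16 bytes of a shipped database file: the stock SQLite magic there means the file was never encrypted.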
How RVNT uses SQLCipher
RVNT stores its entire local database — messages, contacts, Double Ratchet session state, and prekeys — in a SQLCipher database. RVNT supplies a raw key rather than a passphrase: the user's PIN is stretched through Argon2id (64 MB memory cost), and HKDF derives the SQLCipher key from that. The key lives only in memory while unlocked and is zeroed on lock. See PIN & Duress Mode.
Frequently asked questions
Is SQLCipher the same as SQLite?
It is a fork of SQLite that adds transparent 256-bit AES encryption and other security features. The SQL interface is identical, so existing SQLite code works almost unchanged — you just open the database with a key. The on-disk file format differs because every page is encrypted.
What encryption does SQLCipher use?
By default it uses 256-bit AES in CBC mode for confidentiality and HMAC-SHA512 for per-page integrity. When opened with a passphrase, it derives the key using PBKDF2-HMAC-SHA512 with 256,000 iterations and a random 16-byte per-database salt.
Does SQLCipher protect my data if my phone is unlocked?
No. SQLCipher is at-rest encryption: it protects the database file on disk. Once the app is unlocked and the key is loaded into memory, the data is decrypted in use, so a compromised operating system or malware running on the device could still read it.