https://github.com/ncruces/go-sqlite3/tree/main/vfs/adiantum Skip to content Navigation Menu Toggle navigation Sign in * Product + Actions Automate any workflow + Packages Host and manage packages + Security Find and fix vulnerabilities + Codespaces Instant dev environments + Copilot Write better code with AI + Code review Manage code changes + Issues Plan and track work + Discussions Collaborate outside of code Explore + All features + Documentation + GitHub Skills + Blog * Solutions For + Enterprise + Teams + Startups + Education By Solution + CI/CD & Automation + DevOps + DevSecOps Resources + Learning Pathways + White papers, Ebooks, Webinars + Customer Stories + Partners * Open Source + GitHub Sponsors Fund open source developers + The ReadME Project GitHub community articles Repositories + Topics + Trending + Collections * Pricing Search or jump to... Search code, repositories, users, issues, pull requests... Search [ ] Clear Search syntax tips Provide feedback We read every piece of feedback, and take your input very seriously. [ ] [ ] Include my email address so I can be contacted Cancel Submit feedback Saved searches Use saved searches to filter your results more quickly Name [ ] Query [ ] To see all available qualifiers, see our documentation. Cancel Create saved search Sign in Sign up You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert {{ message }} ncruces / go-sqlite3 Public * * Notifications * Fork 7 * Star 276 * * Code * Issues 4 * Pull requests 1 * Discussions * Actions * Wiki * Security * Insights Additional navigation options * Code * Issues * Pull requests * Discussions * Actions * Wiki * Security * Insights Files main Breadcrumbs 1. go-sqlite3 2. /vfs / adiantum / Directory actions [ ] More options Directory actions More options Latest commit History History main Breadcrumbs 1. go-sqlite3 2. /vfs / adiantum / Top Folders and files Name Name Last commit message Last commit date parent directory .. README.md README.md adiantum.go adiantum.go api.go api.go hbsh.go hbsh.go View all files README.md Go "adiantum" SQLite VFS This package wraps an SQLite VFS to offer encryption at rest. Warning This work was not certified by a cryptographer. If you need vetted encryption, you should purchase the SQLite Encryption Extension, and either wrap it, or seek assistance wrapping it. The "adiantum" VFS wraps the default SQLite VFS using the Adiantum tweakable and length-preserving encryption. In general, any HBSH construction can be used to wrap any VFS. The default Adiantum construction uses XChaCha12 for its stream cipher, AES for its block cipher, and NH and Poly1305 for hashing. Additionally, we use Argon2id to derive 256-bit keys from plain text. The VFS encrypts all files except super journals: they never contain database data, only filenames, and padding them to the block size is problematic. Temporary files are encrypted with random keys, as they may contain database data. To avoid the overhead of encrypting temporary files, keep them in memory: PRAGMA temp_store = memory; Important Adiantum is typically used for disk encryption. The standard threat model for disk encryption considers an adversary that can read multiple snapshots of a disk. The only security property that disk encryption (and this package) provides is that all information such an adversary can obtain is whether the data in a sector has (or has not) changed over time. Caution This package does not claim protect databases against forgery. Any encryption scheme that allows constant-time block updates can't prevent individual blocks from being reverted to former versions of themselves, so block-level authentication is of limited value. Footer (c) 2024 GitHub, Inc. Footer navigation * Terms * Privacy * Security * Status * Docs * Contact * Manage cookies * Do not share my personal information You can't perform that action at this time.