Skip to content

Add encryption support through SQLite3MultipleCiphers #288

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 16 commits into from
Dec 4, 2025
Merged

Add encryption support through SQLite3MultipleCiphers #288

merged 16 commits into from
Dec 4, 2025
+3,560 −37

Conversation

@simolus3
Copy link
Contributor

@simolus3 simolus3 commented Nov 10, 2025
edited
Loading

This adds the com.powersync:sqlite3multipleciphers package, providing encryption support.

This package has to replicate what :core is using as a SQLite driver on all targets:

  • For Kotlin/Native, we replicate what static-sqlite3-driver does already (except that we link SQLite3MultipleCiphers instead of the normal SQLite library). Since these are ABI-compatible, we can use the native driver that is already part of the :common package.
  • For Android and JVM, the situation is a bit trickier. Since there is no good pre-packaged build of SQLite3MultipleCiphers (and since SQLCipher has a limited API that can't be used to implement our driver API), we need our own build.
    • The package is essentially a copy of what androidx.sqlite:bundled-sqlite-driver does. I've copied the sources and kept copyright headers. The only change is that the package name has been updated to com.powersync.encryption. The sources contain Kotlin classes and the sqlite_bindings.cpp file providing a JNI wrapper around SQLite.
    • Cross-compiling JNI libraries is madness and took me several approaches. We run the compilation on macOS hosts only, and:
      • For macOS targets, use the clang installation from XCode.
      • For Windows targets, use mingw-w64. Except that doesn't have prebuilt binaries that work on Apple silicon macs, so we're actually using llvm-mingw.
      • For Linux targets, use clang from a homebrew installation already installed on GitHub assets. Clang can cross-compile natively, but will need libc headers and compiler builtins for the target platform. I've added a shellscript that downloads these from Archlinux packages, the Gradle build task then points clang towards the relevant sysroot.

I really don't like this build process, but at least it runs reliably in CI. I've opened a pull request to attach the output of this build to GitHub releases doing forward. After the next release, I'll configure the build to download assets from there by default.

There's no example for the new project yet, but there is a simple unit test for all JVM + native platforms. On Android, I'm running integration tests as part of the device check.

@simolus3 simolus3 marked this pull request as ready for review December 3, 2025 13:56
stevensJourney
stevensJourney approved these changes Dec 4, 2025
View reviewed changes
Copy link
Contributor

@stevensJourney stevensJourney left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The build process, while complex, is very impressive. This looks good to me :)

@simolus3 simolus3 merged commit 5ed3d4b into main Dec 4, 2025
21 of 26 checks passed
@simolus3 simolus3 deleted the sqlite3mc branch December 4, 2025 07:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stevensJourney stevensJourney stevensJourney approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@simolus3 @stevensJourney