Which tool can open encrypted DB

As far as I can tell, the Duplicati-server.sqlite is encrypted using the “SQLite Encryption Extension” (SEE), which is actually a paid extension to SQLite. However, there is a freely available implementation in the System.Data.SQLite .NET library, which is of course distributed with Duplicati. So I found the easiest way to query this database (assuming you don’t want to have Duplicati permanently unencrypt it) is to copy the file somewhere and use this Powershell code on Windows to decrypt that copy, which you can then open with your SQLite browser/tool of choice.

Here is the Powershell code to decrypt:

[Reflection.Assembly]::LoadFile("C:\Program Files\Duplicati 2\System.Data.SQLite.dll")

$sDatabasePath="C:\Temp\duplicati-test\Duplicati-server2.sqlite"
$sDatabaseConnectionString=[string]::Format("data source={0}",$sDatabasePath)
$oSQLiteDBConnection = New-Object System.Data.SQLite.SQLiteConnection
$oSQLiteDBConnection.ConnectionString = $sDatabaseConnectionString
$oSQLiteDBConnection.SetPassword("Duplicati_Key_42")
$oSQLiteDBConnection.open()

$oSQLiteDBConnection.ChangePassword("")
$oSQLiteDBConnection.close()

Of course, you should replace the path in the LoadFile line to correspond to your Duplicati install.
And replace the path in the value of $sDatabasePath with the place where you’ve put the copy of the database.

Yes, the default password (unless you changed it) is “Duplicati_Key_42”

Credit: Got some example code from here: Powershell: Working with a SQLite Database

Ancient C# example: Encrypting, decrypting and attaching to encrypted databases - System.Data.SQLite
Code that does this in Duplicati: duplicati/SQLiteLoader.cs at de13cbcbd0f85492e8b8603def0ced7d7472a8e4 · duplicati/duplicati · GitHub

I guess the method was removed in later releases (see below)

Duplicati 2.0.6.3 is distributed with System.Data.SQLite 1.0.111.0

For historical auditing purposes, it seems that starting with System.Data.SQLite version 1.0.113.0, support for encryption was entirely removed in this checkin:
https://system.data.sqlite.org/index.html/info/56170d1316782f1b
by modifying the file /Targets/SQLite.NET.Settings.targets, and setting the value of InteropCodec to false.
specifically the comment says “Merge all changes needed for the SQLite core library 3.32.0 release.”
Which reveals to us that the actual culprit is SQLite itself, where in release 3.32.0, they removed support for encryption as well, in this commit:
https://www.sqlite.org/src/info/5a877221ce90e752
Where the comment says “simplify the code by removing the unsupported and undocumented SQLITE_HAS_CODEC compile-time option

Neither the change in System.Data.SQLite nor in SQLite are documented in the release notes for these projects.

3 Likes