Topics   All   Mac OS X (Only)   Windows (Only)   Linux (Only, Not)   iOS (Only, Not)  
Components   Crossplatform Mac & Win   Server (Not)   Client   Old   Guides   Examples
New in version: 6.1   6.2   6.3   6.4   6.5   7.0   7.1   7.2   7.3   7.4    Statistic  


You can change the key on a database using the Rekey Function.

Component Version macOS Windows Server FileMaker Cloud FileMaker iOS SDK
SQL 5.3 Yes Yes Yes Yes Yes

MBS( "SQL.SQLite3.ReKey"; Connection; Key { ; Encoding } )


Parameter Description Example value
Connection The connection reference number gained with SQL.NewConnection. $Connection
Key The new encryption key. "Hello World"
Encoding Optional
The text encoding for the key.
Default is UTF-8.
Possible encoding names: ANSI, Arabic-Mac, Arabic-Win, Baltic-Win, CentralEurope-Mac, ChineseSimp-Mac, ChineseSimp-Win, ChineseTrad-Mac, ChineseTrad-Win, Cyrillic-Mac, Cyrillic-Win, EasternEurope-Win, Greek-Mac, Greek-Win, Hebrew-Mac, Hebrew-Win, ISO-8859-1, ISO-8859-2, ISO-8859-3, ISO-8859-4, ISO-8859-5, ISO-8859-6, ISO-8859-7, ISO-8859-8, ISO-8859-9, ISO-8859-15, Korean-Johab, Korean-Mac, Korean-Win, Latin1, Mac, Native, ShiftJIS-Mac, ShiftJIS-Win, Turkish-Mac, Turkish-Win, UTF-8, DOS or Windows. Pass native to use the native encoding of the current platform.


Returns OK or error.


You can change the key on a database using the Rekey Function.
An empty key decrypts the database.

Rekeying requires that every page of the database file be read, decrypted, reencrypted with the new key, then written out again. Consequently, rekeying can take a long time on a larger database.

Most SEE variants allow you to encrypt an existing database that was created using the public domain version of SQLite. This is not possible when using the authenticating version of the encryption extension in see-aes128-ccm. If you do encrypt a database that was created with the public domain version of SQLite, no nonce will be used and the file will be vulnerable to a chosen-plaintext attach. If you call SetKey() immediately after Open when you are first creating the database, space will be reserved in the database for a nonce and the encryption will be much stronger. If you do not want to encrypt right away, call SetKey() anyway, with an empty key, and the space for the nonce will be reserved in the database even though no encryption is done initially.

A public domain version of the SQLite library can read and write an encrypted database with an empty key. You only need the encryption extension if the key is non-empty.


Change key to AES-256:

MBS( "SQL.SQLite3.ReKey"; $Connection; "aes256:" & $Key; "UTF-8" )

See also

SQL.SQLite3.MemoryUsed   -   SQL.SQLite3.SetKey

Feedback: Report problem or ask question.

MBS FileMaker Plugins