When encryption is enabled, the Berkeley DB SQL API uses native Berkeley DB encryption to assure the security of your data. As usual, the Berkeley DB SQL API is almost identical to the SQLite API, so you can use the syntax of the SQLite Encryption Extension to interact with your encrypted data.
Berkeley DB supports encryption using the Rijndael/AES algorithm. It is configured to use a 128-bit key. Berkeley DB uses a 16-byte initialization vector generated using the Mersenne Twister. All encrypted information is additionally checksummed using the SHA1 Secure Hash Algorithm, using a 160-bit message digest. For more information on BDB encryption, see the Berkeley DB Programmer's Reference Guide.
To learn about the APIs which are used in the SQLite Encryption Extension (SEE), see the official SQLite Documentation Page.
Berkeley DB does not implement SEE, but rather implements its own encryption extenstion that uses the SEE API as the public interface.
The Berkeley DB SQL interface does not support the sqlite3_rekey method.