enable secure delete on all encrypted databases

src/crypto.c

@@ -239,6 +239,11 @@ int sqlite3CodecAttach(sqlite3* db, int nDb, const void *zKey, int nKey) {
 
     codec_set_btree_to_codec_pagesize(db, pDb, ctx);
 
+    /* force secure delete. This has the benefit of wiping internal data when deleted
+       and also ensures that all pages are written to disk (i.e. not skipped by
+       sqlite3PagerDontWrite optimizations) */ 
+    sqlite3BtreeSecureDelete(pDb->pBt, 1); 
+
     /* if fd is null, then this is an in-memory database and
        we dont' want to overwrite the AutoVacuum settings
        if not null, then set to the default */

test/crypto.test

@@ -271,7 +271,9 @@ file delete -force test.db
 # delete another 50%
 # then rekey it. Make sure it is immediately
 # readable. Then close it and make sure it can be
-# read back 
+# read back. This test will ensure that Secure Delete
+# is enabled and all pages are being written and are not
+# being optimized out by sqlite3PagerDontWrite
 do_test rekey-delete-and-query-1 {
   sqlite_orig db test.db
 
@@ -311,7 +313,7 @@ do_test rekey-delete-and-query-1 {
     PRAGMA rekey = 'test321';
     SELECT count(*) > 1 FROM t1;
   }
-} {}
+} {1}
 db close
 file delete -force test.db