Physical access is total access in a system where you can read the data. Tell me, what possible system could prevent VACUUM INTO from the protected DB to a plain SQLite DB? You can play games with public-key cryptosystems to sign the blobs so that unhacked client programs can check for legitimate signatures before showing the result, but there again you've got to ask how likely it is that a bad actor wouldn't just modify the client to read anything, or intercept the signature check, or replace the keys, or whatever. This sounds like a good use of web technologies, allowing you to put the data on the other side of an authorization layer, which only lets the owner of the data modify or replace it.