SQLCIPHER sqlite encrypted iphone ios converting un-encrypted database to encrypted database

0
votes

I know that there are a few postings on this, but just want to make sure there is something that I am not missing / current.

Using sqlcipher, with an unencrypted database, want to encrypt it. Encrypting a new database is working fine.

Am trying the sqlcipher rekey with an existing database seems NOT to be working (Database remains unencrypted).

       [fmdb open];
       NSString *sel = @"SELECT count(*) FROM sqlite_master";            
       FMResultSet *fmr = [self executeQuery : fmdb : sel];

        if ( [fmr next] ) // unencrypted
        {
            NSLog(@"Encrypting");
            fmdb.key = @"";
            [fmdb rekey : @"somekey"];
        }

Otherwise will have to use one of the other PRAGMA methods, etc.

Does rekey only work with databases that are already encrypted?

This is using the FMDatabase Framework, but under the hood in the framework it is doing ...

    - (BOOL)rekey:(NSString*)key {
    #ifdef SQLITE_HAS_CODEC
    if (!key) {
        return NO;
    }

    int rc = sqlite3_rekey(db, [key UTF8String], (int)strlen([key UTF8String]));

    if (rc != SQLITE_OK) {
        NSLog(@"error on rekey: %d", rc);
        NSLog(@"%@", [self lastErrorMessage]);
    }

    return (rc == SQLITE_OK);
    #else
        return NO;
    #endif
   }

It does run though the sqlite3_rekey, no errors, but database does not get encrypted.

2
iphonesqliteencryptionsqlcipher
PRAGMA REKEY is what you use. You then, of course, need to do PRAGMA KEY (after the REKEY) to set the new key value. (I don't know what your fmdb functions translate as. Presumably rekey translates to PRAGMA REKEY. There should also be a key or setkey function.) - Hot Licks
Do note that SQLite requires the DB to be in a certain relatively "pure" state to be rekeyed. There shouldn't be any open queries, etc, and it may be that you have to close and reopen before doing the REKEY -- I forget the details.) - Hot Licks
If you do PRAGMA_REKEY and the DB does not become encrypted either you specified a blank/empty key or SQLCipher isn't installed. Once again, I don't know what the rekey function does. - Hot Licks
I have exactly the same problem today (FMDB, sqlcipher, iOS). Rekey feature does nothing... Did you find a solution ? - alex.bour

2 Answers

4
votes

All of the previous comments on this question are incorrect. You cannot use rekey to encrypt a plaintext database. Rekey is only to be used to change the encryption key on an encrypted database.

The correct way to encrypt a plaintext database is attach and export - see examples here http://sqlcipher.net/sqlcipher-api/#sqlcipher_export

0
votes

The trick was that when the database is used to check for encryption (next time opening app) when it is already encrypted, but do not use a key to do a select, this will fail, but then the database will HAVE to be closed and reopened again with the key.