I’m playing around with SQLCipher in my Android application and I’m wondering what the recommended way of dealing with lost encryption keys are? Let’s say the database encryption key is based on user input and the user would like to change the key. How can I correctly recreate the database with the new encryption key?
Hi @ardevd
Thank you for your interest in SQLCipher. SQLCipher does require the encryption key in order to access any content, however if your user wishes to change their password (which the encryption key is derived from), you can use the PRAGMA rekey
command. If you are using SQLCipher for Android, you can use the changePassword(...)
function on the SQLiteDatabase
class instance which will handle this for you.
Thanks for the insight. What about if the user forgets the password and would like to reset the password, and presumably, wipe the db?
Hi @ardevd
Without the password, you would not be able to access the content. You could certainly offer to recreate the database in that scenario.
Yes I know. Hence my question on how to do so
You are asking how to recreate the database? You would need to delete the database file, then open a new database connection to the file and apply the database schema for your application.
What you describe is not trivial however. At least not when using SQLiteOpenHelper as it doesn’t take too kindly to the database file suddenly being deleted. Without SQLite I can always just drop all tables and recreate them but I was hoping there some kind of way to rewrite the database with a different encryption key in case the old key is lost.
Hope that made sense.
SQLiteOpenHelper
would only care about that if the database were open. In your case, the database is closed, as you were unable to open it, so deleting all the database files should not be a problem for SQLiteOpenHelper
.