I am working @scott_coleman on this issue. Yeah I’ve tried utilizing the SQLiteDatabaseHook to switch cipher mode to aes-256-gcm in postKey.
The exact exception we get is…
I/Database: sqlite returned: error code = 26, msg = file is encrypted or is not a database
E/Database: CREATE TABLE android_metadata failed
E/Database: Failed to setLocate() when constructing, closing the database
net.sqlcipher.database.SQLiteException: file is encrypted or is not a database
From what I can tell the setLocate function is called after postKey so our statement “PRAGMA cipher=‘aes-256-gcm’;” in postKey should be executed. We previously had our database encrypted using the sqlcipher default of cbc using the fine example you guys provided. In order to satisfy our current requirement of gcm encryption we are following the “Changing Cipher Settings” example. Like as stated in Scott’s original post, our function based off the example to switch the cipher settings succeeds or at least doesn’t fail. The issue occurs when we attempt to open the database afterwards.
Is there another place we can change the cipher mode during the opening of our database? Perhaps we are missing a crucial step that isn’t included in the “Changing Cipher Settings” example we are following that may be causing issues on Android.
Examples I was referring to: https://www.zetetic.net/sqlcipher/sqlcipher-api/#sqlcipher_export (I’m sure you know what I was talking about but figured I would be complete). We are only changing the cipher mode, we have tried changing the cipher_page_size and kdf_iter but we still get the same error.