Compatibility between Android and Ubuntu version of sqlcipher


#1

Hi,

I’m trying to open a sqlite database which was generated on Android on my Ubuntu machine.
However the command line client keeps throwing “Error: file is encrypted or is not a database” when I perform any operations after using PRAGMA key = ‘key’;
I’ve checked the cipher version, page size and encryption cipher, they all match. I’m also quite sure the password is correct since it is the same as in the code. Are there any other differences between Android and the native client that I should be aware of that make the passwords not compatible between the two?

Thanks!


#2

Hi @dirkjan

Do you know what version of SQLCipher was used to create the database? Depending on the version of the library used, the KDF iteration length, or HMAC page protection may be different.


#3

PRAGMA cipher_version reports 3.3.1 on Android (queried against the opened database), I’ve installed the same version on Ubuntu but that doesn’t work. I checked that the number of iterations were the same, not sure about the HMAC page protection.


#4

Hi @dirkjan

Does the Android application make any changes to the SQLCipher runtime configuration options? Have you verified the PRAGMA cipher_version; from the SQLCipher command line client on Ubuntu?


#5

I’m not aware of any changes it makes to the configuration. The database is opened with the following command:
this.a = net.sqlcipher.database.SQLiteDatabase.openOrCreateDatabase(p5, this.b, 0);
this.b is a password string and p5 is a File.
Both the client and Android report the same cipher_version.


#6

Hi @dirkjan

To verify you have compiled SQLCipher properly on Ubuntu, would you try creating a sample database (i.e., demo.db) using the command line client, then view the contents via:

hexdump -C demo.db

Please verify all displayed content appears to be encrypted.


#7

Yes the database appears to encrypt properly:
dirkjan@ubuntu:~$ sqlcipher blatest2.db SQLCipher version 3.8.10.2 2015-05-20 18:17:19 Enter ".help" for instructions Enter SQL statements terminated with a ";" sqlite> PRAGMA KEY = 'test'; sqlite> CREATE TABLE ad ( ...> ad INTEGER ...> ); sqlite> dirkjan@ubuntu:~$ hexdump -C blatest2.db 00000000 ef b9 1b 9f 8b 2c 0b 36 74 76 9d 4e 00 73 d1 df |.....,.6tv.N.s..| 00000010 a3 2f f8 ea 24 a5 4d 83 f2 cc 9f a8 ae 80 d3 39 |./..$.M........9| 00000020 7d 65 2f 94 d7 68 ca 6e d0 c4 5e 11 56 3a 31 e1 |}e/..h.n..^.V:1.| 00000030 c2 5e 4a 34 c5 bd 5e 82 e2 f6 b9 c6 c5 1e 88 5b |.^J4..^........[| 00000040 67 d0 27 19 b8 15 31 37 52 f6 83 b4 02 e8 d3 ba |g.'...17R.......| 00000050 05 a1 27 cb 14 05 c9 96 a0 c0 73 7e 88 c6 40 a9 |..'.......s~..@.| 00000060 86 59 20 1c 63 e4 6d ef d9 42 92 a4 40 a0 8b 4a |.Y .c.m..B..@..J| 00000070 16 8a fe a0 a1 a6 55 ad a0 eb 55 43 89 65 5d 23 |......U...UC.e]#|


#8

@dirkjan can you export the database file from android and hexdump that as well?

On ubuntu, are you using a version of SQLCipher you compiled yourself, or installed via the package manager?


#9

Here it is:
dirkjan@ubuntu:~$ hexdump -C db.sqlite3 00000000 ef b6 6e 7a 00 d2 dc ab d9 2a 6c ee 67 74 b3 5c |..nz.....*l.gt.\| 00000010 1c 62 69 7f 30 7e 9f 0e 91 b0 2e 63 d7 2f 75 fc |.bi.0~.....c./u.| 00000020 5a f3 11 77 1e 59 39 59 29 33 b1 8b 66 2f 78 45 |Z..w.Y9Y)3..f/xE| 00000030 71 52 71 3f 29 48 f1 2d a5 85 57 5c 11 6f 65 c1 |qRq?)H.-..W\.oe.| 00000040 ae 26 92 0c d3 63 33 2b fd e5 6a b1 60 77 20 b2 |.&...c3+..j..w .| 00000050 35 30 ca ed de 17 cc b8 1b 58 b5 17 41 f9 eb 8e |50.......X..A...| 00000060 80 74 43 d7 0d ed fa 04 21 7e 16 69 17 c5 74 38 |.tC.....!~.i..t8| 00000070 5a 23 98 67 26 34 c1 96 35 a2 84 3d 52 55 19 1e |Z#.g&4..5..=RU..|

I’ve tried it with both a self-compiled version and via the package manager. At the moment I’m trying it with a self-compiled version since I wanted to match the cipher version reported by Android.


#10

@dirkjan are you using a preKey hook or otherwise to execute PRAGMA statements on Android?

Other than the reported cipher_version on Android what version of the SQLCipher for Android package are you using?