Hello @utelle thanks for getting back to us. I believe I understand what you’re saying, but I’m not sure how including the salt data in the HMAC would change things. A privileged external process could still come along and write to / obliterate that data if it were included in the 1st page HMAC. Either way, it would cause the HMAC check to fail.
Likewise, if a rogue process has the ability to write to the first 16 bytes, it would also be able to write elsewhere in the file, meaning it could easily corrupt data anywhere in the file.
Finally, it’s worth noting that if an application wants to manage it’s own salt and key data (e.g. in some other external secure storage like Android Keystore or iOS keychain), that is already possible via raw key semantics introduced in SQLCipher version 3.
On a related note there are also improvements to SQLCipher on prerelease that allow you to selectively query and set the salt (overriding the header) via a new