Integrity Protection granularity!


Hi! I use a hexedit tool to open a SQLCipher database and change a little information in hex mode. I found that even if a little information has been tampered with, the whole database cannot be used! I know SQLCipher uses HMAC to hash every encrypted page, so I am thinking: if I execute a SQL command that doesn't need to traverse the tampered pages, can I get the expected result?
Note: I have tried some SQL commands, but all report “file is not a database” :joy:

Hello @yep_zhang, that is correct: if you execute a statement that does not load a tampered page, SQLCipher will not trigger an error.

The most likely reason you are seeing an error with your test is that you are manipulating the front of the database:

  1. The first 16 bytes are used for the KDF salt. Corruption in that segment can render the entire database unreadable, since an incorrect encryption key will be derived for the database.
  2. The first few pages are accessed every time a database is opened because they contain metadata, schema, indexes, etc. Corruption of those pages will therefore always result in an HMAC check failure.
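
The behaviour described in this answer, as an added example that is not part of the original posts and is not SQLCipher's code or file format: a toy model with a 16-byte salt followed by pages that each carry their own HMAC tag, checked only when the page is loaded. The names `ToyDB`, `build`, `outcome`, `flip` and `demo`, the page sizes and the PBKDF2 settings are assumptions, and encryption is left out to keep the focus on where the integrity check fires.

```python
import hashlib, hmac, os

PAGE, TAG, SALT = 64, 32, 16  # toy sizes (assumption), not SQLCipher's real layout

def derive_key(passphrase, salt):
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, 1000)  # low count: demo only

def page_tag(key, pgno, body):  # the page number is MACed too, so pages cannot be swapped
    return hmac.new(key, body + pgno.to_bytes(4, "little"), hashlib.sha256).digest()

def build(passphrase, n_pages):
    salt = os.urandom(SALT)
    key = derive_key(passphrase, salt)
    pages = [bytes([n]) * PAGE for n in range(1, n_pages + 1)]  # constructed content
    return salt + b"".join(p + page_tag(key, n, p) for n, p in enumerate(pages, 1))

class ToyDB:
    def __init__(self, blob, passphrase):
        self.blob, self.key = blob, derive_key(passphrase, blob[:SALT])
        self.read_page(1)  # opening always loads page 1
    def read_page(self, pgno):
        off = SALT + (pgno - 1) * (PAGE + TAG)
        body, tag = self.blob[off:off + PAGE], self.blob[off + PAGE:off + PAGE + TAG]
        if not hmac.compare_digest(tag, page_tag(self.key, pgno, body)):
            raise ValueError(f"HMAC check failed on page {pgno}")
        return body

def outcome(blob, passphrase, pgno):  # 'ok', or the error raised by open/read
    try:
        ToyDB(blob, passphrase).read_page(pgno)
        return "ok"
    except ValueError as exc:
        return str(exc)

def flip(blob, offset):  # flip one bit, like a single hex-editor change
    return blob[:offset] + bytes([blob[offset] ^ 1]) + blob[offset + 1:]

def demo():
    db = build(b"pw", 6)
    late = flip(db, SALT + 4 * (PAGE + TAG))  # one bit inside page 5
    return {
        "page 5 tampered, read page 2": outcome(late, b"pw", 2),
        "page 5 tampered, read page 5": outcome(late, b"pw", 5),
        "page 1 tampered, read page 2": outcome(flip(db, SALT), b"pw", 2),
        "salt tampered, read page 2": outcome(flip(db, 0), b"pw", 2),
    }

if __name__ == "__main__":
    print(*(f"{k}: {v}" for k, v in demo().items()), sep="\n")
```

In this model a changed salt shows up as an HMAC failure on page 1, because the derived key no longer matches any stored tag.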

Thanks! You are right, and I found that I manipulated the first page. :rofl: