Integrity Protection on Android


#1

I would like to know more about the integrity protection of SQLCipher on Android. The “Design” page and the FAQ haven’t been very helpful. I would like to know:

  • What types of operations are protected, i.e. only the integrity of rows, or also the whole table (insert, delete), or even the whole database file?
  • When is the integrity verified and is there a way to verify it manually?
  • What algorithms are used?
  • What keys are used for integrity protection? Is the key derived from the encryption key?

Thank you very much,
best regards,
Herbert Waltraud


#2

Hello Herbert,

Thank you for your interest in SQLCipher. The integrity protection within SQLCipher for Android is the same as found within SQLCipher core. SQLCipher reads and writes pages of data representing the B-tree of the database. As it writes a page, it includes a hash-based message authentication code of the ciphertext and the random IV for that page. This follows the encrypt-then-MAC approach of authenticated encryption. A different key, though derived from the encryption key, is used to calculate the per-page HMAC. The HMAC is then checked when a page is read back from disk to verify that the data has not been tampered with.

Every page in the database includes an HMAC when enabled, which is the default in SQLCipher 3.

This is performed automatically for you as you read content from the database. You could manually force this by querying all content from the database.

HMAC_SHA1

The key used to calculate page HMACs is different from the encryption key. It is derived from the encryption key using PBKDF2 with 2 iterations and a variation of the random database salt.
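The per-page encrypt-then-MAC check described in this reply, as an added example that is not SQLCipher's own code. It uses HMAC-SHA1 and a PBKDF2 key derivation with 2 iterations as stated above; the salt "variation" is modelled as an XOR with a mask byte (an assumption), the MAC also binds the page number (an addition beyond what the reply states, so a page moved to another slot fails verification), and the ciphertext is constructed random bytes since encryption itself is out of scope.

```python
import hashlib
import hmac
import os

HMAC_ALGO = "sha1"      # HMAC_SHA1, as stated in the reply
FAST_KDF_ITER = 2       # PBKDF2 iterations for the HMAC key, as stated in the reply
HMAC_SALT_MASK = 0x3A   # assumption: byte XORed into the salt to "vary" it
IV_SIZE = 16
MAC_SIZE = hashlib.new(HMAC_ALGO).digest_size  # 20 bytes for SHA-1


def derive_hmac_key(enc_key: bytes, salt: bytes) -> bytes:
    """Derive a separate MAC key from the encryption key and a varied salt."""
    varied_salt = bytes(b ^ HMAC_SALT_MASK for b in salt)
    return hashlib.pbkdf2_hmac(HMAC_ALGO, enc_key, varied_salt,
                               FAST_KDF_ITER, dklen=len(enc_key))


def page_mac(hmac_key: bytes, ciphertext: bytes, iv: bytes, pgno: int) -> bytes:
    """HMAC over ciphertext || IV || page number (page-number binding is an assumption)."""
    msg = ciphertext + iv + pgno.to_bytes(4, "little")
    return hmac.new(hmac_key, msg, HMAC_ALGO).digest()


def write_page(hmac_key: bytes, ciphertext: bytes, iv: bytes, pgno: int) -> bytes:
    """Lay out one page as ciphertext || IV || HMAC (encrypt-then-MAC)."""
    return ciphertext + iv + page_mac(hmac_key, ciphertext, iv, pgno)


def read_page(hmac_key: bytes, page: bytes, pgno: int):
    """Return the ciphertext if the stored HMAC verifies, else None (read error)."""
    ciphertext = page[:-(IV_SIZE + MAC_SIZE)]
    iv = page[-(IV_SIZE + MAC_SIZE):-MAC_SIZE]
    stored = page[-MAC_SIZE:]
    expected = page_mac(hmac_key, ciphertext, iv, pgno)
    if not hmac.compare_digest(stored, expected):
        return None  # tampered or misplaced page: caller must not trust it
    return ciphertext


def demo() -> dict:
    """Constructed data: write one page, then read it intact, bit-flipped and moved."""
    salt, enc_key = os.urandom(16), os.urandom(32)
    hmac_key = derive_hmac_key(enc_key, salt)
    ct, iv = os.urandom(1024 - IV_SIZE - MAC_SIZE), os.urandom(IV_SIZE)
    page = write_page(hmac_key, ct, iv, pgno=7)
    tampered = bytearray(page)
    tampered[5] ^= 0x01  # flip one ciphertext bit
    return {"intact": read_page(hmac_key, page, 7) == ct,
            "bit_flip": read_page(hmac_key, bytes(tampered), 7) is None,
            "moved_page": read_page(hmac_key, page, 8) is None,
            "key_differs": hmac_key != enc_key}
```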


#3

Thank you very much!