Moving from passphrase to raw key format

For SQLCipher, is it necessary to use the rekey command if we want to move from the passphrase key to raw key?

Also, if we want to move from non-standard raw key to the standard raw key format ( x’2DD29CA851E7B56E4697B0E1F08507293D761A05CE4D1B628663F411A8086D99’), do we need to use rekey?

Hi @nitinsethi86

Yes, you will need to use pragma rekey = ... to change the key used to encrypt the database, unless you are utilizing the C library directly, in which you can use sqlite3_rekey or sqlite3_rekey_v2. A raw key format can be provided which will prevent key derivation from occurring, that format is detailed in the documentation here.

Is there no other way at all by which we can change the format like below without rekey?

  1. passphrase -> non-standard raw key
  2. non-standard raw key -> standard raw key

Can just a raw key prevent key derivation or it has to be in the standard format?

Hi @nitinsethi86

If you wish to prevent key derivation, you will need to provide the key based on the raw key format in the documentation. If you are not currently using the raw key format, you will need to rekey the database and provide the new key value in the raw key format.

Is there no other way at all by which we can change the format like below without rekey?

Are you having a problem with rekey? You can use sqlcipher_export(...), however that will require a new database file, instead of performing the operation in place as rekey will.

No, I am not facing any issue with rekey. Thanks for your reply.