One question about the keystore?

Does the raw key of sqlcipher is stoed in the sqlcipher database?

Hi @ellipse

No, neither a raw key, or a derived key (if using a standard password with key derivation) are stored within the SQLCipher database. They exist only in memory to perform the encryption/decryption operations. You may be interested in reading further about the SQLCipher design which is available here. You may use a hardware keystore to store an encryption key, however, that is not something that SQLCipher itself manages.

if the key is not stored in the sqlcipher database! how can we use "pragma key = ‘passphere’ " to verify the key is correct ?

Hi @ellipse

When you provide a key to the database, any attempt to read from a SQLCipher-encrypted database will cause the codec to attempt to decrypt some data using that key (be it derived or raw). If the password is correct, the decryption will work, otherwise you will receive an error.

I got it! Thanks! Use the decryption result to verify the password ! Excellent design!