PRAGMA cipher command is deprecated, please remove from usage


#1

So i tried using PRAGMA cipher command and received the below warning:
PRAGMA cipher command is deprecated, please remove from usage.

How can a database cipher be set or changed?

The current cipher version is 3.4.0

$ sqlcipher newEncrypted.db
SQLCipher version 3.11.0 2016-02-15 17:29:24
Enter “.help” for instructions
Enter SQL statements terminated with a ";"
sqlite> PRAGMA key =‘testingvalue’;
sqlite> PRAGMA cipher = ‘aes-256-cfb’;
PRAGMA cipher command is deprecated, please remove from usage.
sqlite>


#2

Hello @luoandre29,

The support for changing ciphers within SQLCipher has been deprecated and will be removed is some future version of SQLCipher. While it currently still works, you are notified via the prompt you received of the deprecation. You can confirm your current cipher by executing:

PRAGMA cipher;

#3

What’s the reasoning behind this? We would actually need to use a different cipher than the standard, and one would think you can just rely on libsodium or openssl to carry out the encryption.


#4

PRAGMA cipher is a relic dating back to the very first version of SQLCipher when OpenSSL was the only cryptographic backend. With the introduction of the cryptographic provider interface in SQLCipher, platform builds may use different providers depending on requirements, e.g. OpenSSL, CommonCrypto (Mac, iOS), Tomcrypt, or custom providers built by users. We can guarantee that AES 256 in CBC mode is supported, but unfortunately there is no common “extended” set of cipher, key length, and mode supported by all providers (or even within a single provider like OpenSSL the built in ciphers can vary).

In addition, not all cryptograpic libraries provide a simple, high level interface to the encryption libraries like the OpenSSL EVP functions. This can make runtime changes to the cipher key length and mode quite difficult and complex to implement.

Finally, the use of PRAGMA cipher can lead to runtime incompatibility between databases or even cases where an application using a shared library may work on one machined but not another.

Ultimately, we decided that this is not a good candidate for runtime configuration in the SQLCipher usage model. As such we have made the decision to deprecate the PRAGMA.

That said, it is still quite possible for developers to change around any settings they want at compile time. If a developer is really interested in modifying this behavior and has a controlled deployment model then can make an educated decision and adjust the build accordingly. They can do this either via defines (i.e. -DCIPHER=“aes-256-cfb”) or they can even construct their own custom cryptograpic provider for SQLCipher.


#5

Thanks @sjlombardo & @developernotes, this is really helpful. Could you point me to some docs that describe how to configure the librabry/cipher used? For me libsodium would be preferred if you support it.