Pragma Cipher not persisting on IOS


#1

I am trying to set the cipher version on my IOS apps to use GCM encryption by running the command PRAGMA cipher = 'aes-256-gcm' What I’m finding is on all of my apps, IOS is not persisting this cipher change and defaulting back to CBC mode.

Has anyone ran into this issue of the cipher mode not persisting, or is it even possible on IOS to change the cipher?

Edit I forgot to mention, I am running this command right after I set the key, and this issue is showing up on older Objective C projects as well as a newer swift project


#2

Hi @chrisfahlin

If you’re using the default cipher provider for iOS (common crypto) you’re not going to be able to change the cipher at runtime as it doesn’t support multiple ciphers.

As noted on the SQLCipher design page under “Security Features”:

The default algorithm is 256-bit AES in CBC mode (cipher and mode can be changed at run time via PRAGMA cipher, though only when using a cryptography provider that supports multiple ciphers, i.e. OpenSSL).

You can check your cipher provider by running PRAGMA cipher_provider

If you build SQLCipher for iOS using OpenSSL as a crypto provider it should support changing ciphers.

https://www.zetetic.net/sqlcipher/ios-tutorial/

https://www.zetetic.net/blog/2013/6/27/sqlcipher-220-release.html

I’d also like to note that PRAGMA cipher is deprecated, and should be removed in future implementations.

Please let me know if you have any further questions. Thanks!

Cheers,
Micah