Problem with pragma cipher_memory_security

I am coding in B4A (Android) and recently moved to the latest (?maybe not anymore) version of SQLCipher. The SQLite version is 3.41.2.

If I run:
pragma cipher_memory_security = ON
then that is fine; memory security is on, as demonstrated by running:
pragma cipher_memory_security
and seeing the return value 1.

However I can’t turn it off by running:
pragma cipher_memory_security = OFF
so the pragma will still return 1 and queries are still slower.
I am testing with a recursive sudoku query and that is about twice as slow with cipher_memory_security set to ON.

Strangely, if I compile the app in B4A then the app picks up the Off setting OK.
I have posted about this in the B4A group, but no reply yet.

Any suggestions what is going on and if this can be fixed?

RBS

Hi @RBS,

The PRAGMA cipher_memory_security feature is off by default [1] due to the performance impact of the feature. Once enabled at runtime, you cannot disable it [2].


  1. SQLCipher API - Full Database Encryption PRAGMAs, Functions, and Settings | Zetetic
  2. sqlcipher/src/crypto_impl.c at master · sqlcipher/sqlcipher · GitHub

Ok, thanks.
I can though return the setting to off by recompiling the app. I take it this happens when the app starts directly after the compile.
Pragma cipher_memory_security = OFF
is run directly after initialising the DB connection.
I will check this and see what happens when the pragma doesn’t run on startup.
It looks like I shouldn’t give the user the option to turn this on then.
RBS

Indeed, if pragma cipher_memory_security doesn’t run at the app startup, then a recompile of the app will turn it off. So it was not the pragma that changed the setting in a compile of the app, but it just returned to the default, that is off.

RBS

Hi Nick,

It would be nice if this could be turned back to off by running the pragma.
As it is the default in any case I am not sure why it has been coded so that
it can’t be turned back to off.

RBS

Hi @RBS,

When you enable cipher_memory_security the library will start to lock memory segments allocated within the SQLite memory system. If you enable that feature, then turn it off, memory would be locked, but not unlocked prior to freeing. This can cause errors/crashes on certain platforms, GrapheneOS in particular. I’m not sure what you mean by recompiling the application.
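
The failure described in the reply above, as a small C model added here (not part of the thread and not SQLCipher's source). Locking is simulated with a counter in place of mlock()/munlock(), and every name (model_malloc, set_naive, set_latched, leaked_after_off) is hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model, not SQLCipher code: all names are hypothetical. */
static int mem_security = 0;    /* models the cipher_memory_security flag */
static int locked_regions = 0;  /* regions currently "locked" (mlock stand-in) */
typedef struct { size_t size; int locked; } hdr_t; /* size: what munlock would need */

/* Allocation hook: lock the region only if the flag is on at allocation time. */
void *model_malloc(size_t n) {
    hdr_t *h = malloc(sizeof(hdr_t) + n);
    if (!h) return NULL;
    h->size = n;
    h->locked = mem_security;
    if (h->locked) locked_regions++;        /* a real allocator would mlock() here */
    return h + 1;
}

/* Free hook: unlock only if the flag is on *now*, which is the hazard. */
void model_free(void *p) {
    if (!p) return;
    hdr_t *h = (hdr_t *)p - 1;
    if (mem_security && h->locked) { h->locked = 0; locked_regions--; } /* munlock() */
    free(h);                                /* may free a still-locked region */
}

/* Naive setter: permits ON -> OFF while locked allocations are outstanding. */
void set_naive(int on) { mem_security = on; }

/* One-way setter: an OFF request after ON is ignored; returns the effective value. */
int set_latched(int on) { if (on) mem_security = 1; return mem_security; }

/* Enable, allocate, request OFF, free.
   Returns the number of regions that were freed while still locked. */
int leaked_after_off(int latched) {
    mem_security = 0; locked_regions = 0;
    if (latched) set_latched(1); else set_naive(1);
    void *p = model_malloc(64);
    if (latched) set_latched(0); else set_naive(0);
    model_free(p);
    return locked_regions;
}

int main(void) {
    printf("naive toggle, freed while locked: %d\n", leaked_after_off(0));
    printf("one-way flag, freed while locked: %d\n", leaked_after_off(1));
    return 0;
}
```

With the one-way setter, reading the flag after an OFF request still yields 1, which matches what the pragma returned in the original question.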

Hi Nick,
OK, I understand. With recompiling I mean compiling my app with B4A.
RBS