Rekey and decrypt


#1

I’m starting to play with 4.0.0 on Windows.
I have successfully built sqlcipher.dll and a sqlcipher.exe.

All seem to function for creating a database and encrypting it with
PRAGMA key = ‘password’;

Its seems it is critical that this is the first command after opening the database.
If I try to do a SELECT and then the PRAGMA, the PRAGMA will fail.
Is this correct?

Now - how do I create a un-encrypted database using sqlcipher.exe?

It seems that the following does not produce and error but is also ignored

PRAGMA rekey; or
PRAMGA rekye = ‘’;

Thanks.


#2

Hello @mtissington

Yes, you will want to perform a keying operating (either PRAGMA key, or calling sqlite3_key directly) after you have opened the connection. Following that, we often suggest performing query such as:

SELECT COUNT(*) FROM sqlite_master;

as that table will always exist. Regarding the question of created an unencrypted database, you will want to use the sqlcipher_export(...) convenience function. Please review the documentation example # 1 specifically here.


#3

Thanks … It seems the following also works?

.open encrypted.db
PRAGMA key = ‘password’;
PRAGMA rekey;
.save plaintext.db

Am I missing something?


#4

Hello @mtissington

Can you explain a bit what you are trying to accomplish? If you are trying to create a plain-text copy of a SQLCipher database, you will need to use the sqlcipher_export(...) convenience function as described above. The PRAGMA rekey command is used for changing the password use for encryption, but you have to provide a new password with that command.


#5

@mtissington just to follow up on this, I believe that .save is intended to write in memory databases to disk. If I’m not mistaken it uses the internal backup API which is not supported with SQLCipher for conversion because it doesn’t properly account for differences in page size and allocations. As an added factor, that approach wouldn’t work programmatically since .save is a shell function. Thus, this approach should not be used with SQLCipher. If you are looking to convert back and forth between plaintext / encrypted databases using SQLCipher then sqlcipher_export() (as recommended by @developernotes) is the only supported and recommended way to do that.


#6

Thanks - this helps.