I have read this page about the value_level encrytion!
we know that SQLCipher database can be open with SQLite,it means that the attacker can copy one SQLCipher database and use SQLite to delete or update the original SQLCipher database.That’s right?
No, it cannot. SQLite has no ability to decrypt an encrypted SQLCipher database, and regardless, even if it did, it would need the key material/password from you to do so.
it means that the attacker can copy one SQLCipher database and use SQLite to delete or update the original SQLCipher database
No, that’s not the case, for the reason mentioned above.
Hello @ellipse,
After discussing it with the rest of the team, I thought I should provide a little more information to better answer your question and clarify the situation.
So, in the case of a database that is fully-encrypted by SQLCipher, that database cannot be opened by SQLite.
In the case of a database created by SQLCipher that is not fully-encrypted, but uses the VLE features of SQLCipher to encrypt part of the data like a table, that database can be opened up by SQLite, and SQLite could modify that database, for instance by updating or deleting the encrypted table. However, it would not be able to decrypt any of that encrypted data. If SQLite were used to modify or tamper with that encrypted data, it would then fail to decrypt when subsequently accessed by SQLCipher.
If access to and the integrity of the database file while using VLE features is a concern, it would be a good idea to also employ SQLCipher’s full-database encryption with a separate key.
Please let us know if you have any other questions!
Thanks for your answer!
I think this is a problem need to solve for VLE!
Hello @ellipse - Thanks for the feedback. The scenario you described isn’t a problem that VLE is intended to solve. VLE provides secure encapsulation of data values. Thus, the scope of integrity checking is on the individual value itself (i.e. a single column value), not the database. If you need to ensure integrity of the entire database then Full Database Encryption is the appropriate choice. It is also worth noting that these can be combined, so if you’re requirements called for it you could use Full Database encryption with one key, and then VLE inside of an encrypted database with one or more separate keys.