SQLCipher custom encryption parameters

Hi all.
I’m using sqlcipher to encrypt sqlite db using custom parameters such as,

PRAGMA cipher_page_size = 1024;
PRAGMA kdf_iter = 16000;
PRAGMA cipher_hmac_algorithm = HMAC_SHA512;
PRAGMA cipher_kdf_algorithm = PBKDF2_HMAC_SHA512;

These parameters are set up using graphycal interface of DBBrowser (SQLCipher) under Win with a specific password, and the resulting DB will be used in Raspberry let say.
I’m developing a C++ app to open the DB and query it. The result is that: file is not a database.

Went back to my Ubuntu vm and I’ve installed sqlcipher from apt. I also installed sqlitebrowser.

From the first executing pragmas and opening the db file gives the same error, from sqlitebrowser setting custom params on GUI, I’m able to open it.

What’s wrong with my steps? So what are correct steps to set custom config at command line to query the DB?
I think that this will help a lot for my C++ app too.

I’ve done another test from shell:

Use “.open FILENAME” to reopen on a persistent database.
sqlite> attach database ‘2388v0_enc.sqlite’ as db key ‘p69-4Rm^U9DRUz8?4Vr5Tg2ZkQMMJae=’
…> ;
sqlite> PRAGMA db.cipher_page_size = 1024;
sqlite> pragma db.kdf_iter=16000;
sqlite> .tables
Error: out of memory
sqlite> pragma db.cipher_hmac_algorithm = ‘HMAC_SHA512’
…> ;
sqlite> pragma db.HMAC_SHA512 = ‘PBKDF2_HMAC_SHA512’
…> ;
sqlite> .tables
Error: out of memory

Best regards,
Marco

Hi @bnam

How does your application apply the settings in relation to when you open and when you query it? Those settings will need to be executed both after you open the connection and key the database, but before you attempt to read anything from the database (including your call to .tables in the CLI).

Please note the above is invalid, see a working example below:

./sqlcipher foo.db
sqlite> pragma key = 'foo';
ok
sqlite> PRAGMA cipher_page_size = 1024;
sqlite> PRAGMA kdf_iter = 16000;
sqlite> PRAGMA cipher_hmac_algorithm = HMAC_SHA512;
sqlite> PRAGMA cipher_kdf_algorithm = PBKDF2_HMAC_SHA512;
sqlite> create table t1(a,b);
sqlite> insert into t1(a,b) values(1,2);
sqlite> .q

then attempt to access the database again:

./sqlcipher foo.db
sqlite> pragma key = 'foo';
ok
sqlite> PRAGMA cipher_page_size = 1024;
sqlite> PRAGMA kdf_iter = 16000;
sqlite> PRAGMA cipher_hmac_algorithm = HMAC_SHA512;
sqlite> PRAGMA cipher_kdf_algorithm = PBKDF2_HMAC_SHA512;
sqlite> .tables
t1
sqlite> select * from t1;
1|2

Ok.
I’ve tried to and from command line I were able to do those things and to query the DB.

Inside my application and I do:
sqlite3_open_v2(db_name)

but if I do sqlite3_key(key) I’ve got a SIGSEGV…

So I tried using PRAGMA also inside code, doing sqlite3_bind_text.
Pragmas are set in the correct order you suggested.

While from shell I’m able to query the DB, in C++ at first sqlite3_bind_value with the statement I’ve got: file is not a database.

Thanks in advance.

bnam

Hi @bnam

Are you using a Commercial edition of SQLCipher, or did you build the library yourself? Can you post a fragment of your code where you open and key the database?