SQLCipher(v) compatibility with openssl(v)

Hello,

New to sqlcipher world , One of our Android app uses SQLCipher v3.3.1 with openssl v1.0.2j.

Problem:
v1.0.2j openssl has known vulnerabilities and required to update to new latest openssl v1.1.1g.

Queries:

  1. SQLCipher v3.3.1 can be ported to use openssl v1.1.1g(Latest Openssl)? Any changes needed at app side if done? Where to find the compatibility details document?

2)Or move our app to use SQLCipher v4.4.0 which uses openssl v1.1.1g(Latest Openssl)? and flow upgrade steps as below?

Please suggest the best approach and thoughts on this .

Thanks
Nithin

Hello @Nithin_SC

Our recommendation would be to upgrade to the latest version of SQLCipher, using the documentation linked above as your guide, that will provide you with the latest SQLCipher release including an updated OpenSSL integration.

1 Like

Thanks for the reply! " SQLCipher v3.3.1 can be ported to use openssl v1.1.1g(Latest Openssl)? Any changes needed at app side if done? Where to find the compatibility details document?" is this feasible?

Hi @Nithin_SC

We would still recommend upgrading to the latest SQLCipher for Android. If you have a need for a custom build of SQLCipher, please reach out at support@zetetic.net to discuss Enterprise Licensing.

error: undefined reference to ‘EVP_sha256’ undefined reference to ‘PKCS5_PBKDF2_HMAC’

We are getting above errors when used libsqlcipher.so(4.4.0). Please suggest.

Hi @Nithin_SC

Are you bundling the AAR as a Gradle reference? Are you able to reproduce this within the SQLCipher for Android test suite?

Hello! No, i am using prebuilt libsqlcipher.so(4.4.0) directly in my project and trying function PKCS5_PBKDF2_HMAC.

What do you mean by this? Can you post a sample of the code you are trying to execute? Can you post the stack trace you get?

@developernotes @sjlombardo hello!
Migrating from 3.3.1 to 4.4.0

  1. https://github.com/couchbase/couchbase-lite-java-core/blob/master/src/main/java/com/couchbase/lite/storage/SQLiteStorageEngineBase.java#L128

Decrypt DB gets exception as sqlcipher is 4.4.0, after getting exception i am calling with old key and then call cipher_migrate but the return value is 1 .

 connection.execute("PRAGMA key = \"x'" + key.getHexData() + "'\"", null, null);

long cipherMigratValue = connection.executeForLong(“PRAGMA cipher_migrate”, null, null);
Log.d(“Sync”, "cipher_migrate value " + cipherMigratValue);
if(cipherMigratValue == 0){
Log.d(“Sync”, “cipher_migrate passed” );
connection.executeForLong(“SELECT count(*) FROM sqlite_master”, null, null);
}else{
Log.d(“Sync”, "cipher_migrate value failed " + cipherMigratValue);
throw new com.couchbase.lite.internal.database.SQLException();
}

1)Please suggest what are settings to be looked at?
2)https://www.zetetic.net/sqlcipher/sqlcipher-api/#cipher_migrate
" 1. If SQLCipher throws an error on first access, close the database handle. Then open it and run PRAGMA cipher_migrate (e.g. in the case of Android you can use the postKey hook). This will attempt to upgrade the database."

Elaborate more on " close the database handle"

Thanks
Nithin

Hi @Nithin_SC

Would you mind executing the following SQL command from your application when using the older 3.3.1 version of the database library:

PRAGMA cipher_version;

What value does the library report back?

hello,

Output is “cipher_version: 3.3.1”

@developernotes @sjlombardo Migrating from 3.3.1 to 4.4.0 with PRAGMA cipher_compatibility = 3
.
1)Everything is working well with below order of PRAGMA calls and data retained from 3.3.1 after moving to 4.4.0. Note no “REKEY
a)PRAGMA key=“x’PKCS5_PBKDF2_HMAC_KEY”
b)PRAGMA cipher_compatibility = 3;

2)But fails in below use case
1)On migrating to 4.4.0, Open DB with old key which was used in 3.3.1 with cipher_compatibility=3 is pass.
2)rekey with newer key and encrypt the database using sqlcipher_export. as mentioned in option 3 in link. Note no PRAGMA called.
“ATTACH DATABASE ‘sqlcipher-4.db’ AS sqlcipher4 KEY ‘’;
SELECT sqlcipher_export(‘sqlcipher4’);
DETACH DATABASE sqlcipher4;”


3)Try opening with cipher_compatibility=3 with new key fails to open the DB.

Please share your thoughts. Is the settings a issue here?

Thanks
Nithin

Hi @Nithin_SC

Given the Couchbase reference from above, it would be good to validate whether you can open the database created using version 3.3.1 of the software using DB Browser for SQLite. The latest nightly edition of DB Browser (available here) provides support for opening both SQLCipher 3 and SQLCipher 4 databases. Would you try this out and let us know your results?

1 Like

@developernotes hello!
Tried opening the DB using DB Browser using “passphrase” but failed to open. How to enter rawkey in the DB Browser.? Attached is DB file and key details.

passphrase = NITHIN
rawkey=a8dbbb988d988685b16137d485960d90b13d227725296a4aef251a376a96e44d

Logs:
"
[10/07 20:35:52:450] [7232] Database: setFilterCompiler: com.couchbase.lite.javascript.JavaScriptReplicationFilterCompiler@808002
[10/07 20:35:52:450] [7232] Database: getDatabase() com.couchbase.lite.Manager@21dfd4d com.couchbase.lite.Database@1434d13[/data/user/0/com.abc.company/files/mydb.cblite2]
[10/07 20:35:52:450] [7232] Database: Opening com.couchbase.lite.Database@1434d13[/data/user/0/com.abc.company/files/mydb.cblite2]
[10/07 20:35:52:467] [7232] Database: open keyOrPassword: NITHIN
[10/07 20:35:52:467] [7232] Database: createSymmetricKey keyOrPassword: NITHIN
[10/07 20:35:52:468] [7232] Database: Successfully load native library: cbljavasqlcipher
[10/07 20:35:52:469] [7232] Database: Successfully load native library: cbljavasqlcipher
[10/07 20:35:52:509] [7232] Database: createSymmetricKey rawKey string: �ۻ������a7ԅ�
��="w%)jJ�%7j��M
[10/07 20:35:52:510] [7232] Database: createSymmetricKey SymmetricKey string: a8dbbb988d988685b16137d485960d90b13d227725296a4aef251a376a96e44d ([-88, -37, -69, -104, -115, -104, -122, -123, -79, 97, 55, -44, -123, -106, 13, -112, -79, 61, 34, 119, 37, 41, 106, 74, -17, 37, 26, 55, 106, -106, -28, 77])
[10/07 20:35:52:511] [7232] Database: createSymmetricKey SymmetricKey getHexData: a8dbbb988d988685b16137d485960d90b13d227725296a4aef251a376a96e44d
[10/07 20:35:52:511] [7232] Database: open encryptionKey: a8dbbb988d988685b16137d485960d90b13d227725296a4aef251a376a96e44d ([-88, -37, -69, -104, -115, -104, -122, -123, -79, 97, 55, -44, -123, -106, 13, -112, -79, 61, 34, 119, 37, 41, 106, 74, -17, 37, 26, 55, 106, -106, -28, 77])
[10/07 20:35:52:522] [7232] Sync: PRAGMA keyis: PRAGMA key = “x’a8dbbb988d988685b16137d485960d90b13d227725296a4aef251a376a96e44d’”
[10/07 20:35:52:528] [7232] Sync: PRAGMA cipher_version: 4.4.0 community
[10/07 20:35:52:528] [7232] Sync: ******** settings before calling PRAGMA cipher_compatibility = 3; is *****
[10/07 20:35:52:529] [7232] Sync: PRAGMA cipher_settings: PRAGMA kdf_iter = 256000;
[10/07 20:35:52:529] [7232] Sync: PRAGMA cipher_hmac_algorithm: HMAC_SHA512
[10/07 20:35:52:529] [7232] Sync: PRAGMA cipher_provider_version: OpenSSL 1.1.1g 21 Apr 2020
[10/07 20:35:52:529] [7232] Sync: PRAGMA cipher_kdf_algorithm: PBKDF2_HMAC_SHA512
[10/07 20:35:52:530] [7232] Sync: PRAGMA cipher_page_size: 4096
[10/07 20:35:52:530] [7232] Sync: ******** settings after calling PRAGMA cipher_compatibility = 3; is *****
[10/07 20:35:52:530] [7232] Sync: PRAGMA cipher_compatibility = 3; done
[10/07 20:35:52:531] [7232] Sync: PRAGMA cipher_settings: PRAGMA kdf_iter = 64000;
[10/07 20:35:52:531] [7232] Sync: PRAGMA cipher_hmac_algorithm: HMAC_SHA1
[10/07 20:35:52:531] [7232] Sync: PRAGMA cipher_provider_version: OpenSSL 1.1.1g 21 Apr 2020
[10/07 20:35:52:531] [7232] Sync: PRAGMA cipher_kdf_algorithm: PBKDF2_HMAC_SHA1
[10/07 20:35:52:531] [7232] Sync: PRAGMA cipher_page_size: 1024
[10/07 20:35:52:531] [7232] Sync: ******** forcing settings using PRAGMA *****
[10/07 20:35:52:532] [7232] Sync: PRAGMA cipher_settings: PRAGMA kdf_iter = 64000;
[10/07 20:35:52:532] [7232] Sync: PRAGMA cipher_hmac_algorithm: HMAC_SHA1
[10/07 20:35:52:532] [7232] Sync: PRAGMA cipher_provider_version: OpenSSL 1.1.1g 21 Apr 2020
[10/07 20:35:52:533] [7232] Sync: PRAGMA cipher_kdf_algorithm: PBKDF2_HMAC_SHA1
[10/07 20:35:52:533] [7232] Sync: PRAGMA cipher_page_size: 1024
[10/07 20:35:52:538] [7232] Sync: Decrypting database failed maybe cipher upgrade or key wrong
[10/07 20:35:52:589] [7232] Database: Unauthorized to open the SQLite database
[10/07 20:35:52:589] [7232] Database: Unable to create a storage engine
[10/07 20:35:52:591] [7232] Database: getDatabase() com.couchbase.lite.Manager@21dfd4d com.couchbase.lite.Database@1434d13[/data/user/0/com.abc.company/files/mydb.cblite2]
[10/07 20:35:52:592] [7232] Database: Opening com.couchbase.lite.Database@1434d13[/data/user/0/com.abc.company/files/mydb.cblite2]
[10/07 20:35:52:592] [7232] Database: open keyOrPassword: OGJqYlNfSVRkWFBsTjZjaEFnNklwRkpKRDB3X241TgA=
[10/07 20:35:52:592] [7232] Database: createSymmetricKey keyOrPassword: OGJqYlNfSVRkWFBsTjZjaEFnNklwRkpKRDB3X241TgA=
[10/07 20:35:52:629] [7232] Database: createSymmetricKey rawKey string: !�P�,��-��Js�
G�G�L�%��Y$4Q�$��0
[10/07 20:35:52:630] [7232] Database: createSymmetricKey SymmetricKey string: 21db50b02cbdbe2dffa74a73ca0d47ba47a14ca325a38d59243451f3248fd830 ([33, -37, 80, -80, 44, -67, -66, 45, -1, -89, 74, 115, -54, 13, 71, -70, 71, -95, 76, -93, 37, -93, -115, 89, 36, 52, 81, -13, 36, -113, -40, 48])
[10/07 20:35:52:630] [7232] Database: createSymmetricKey SymmetricKey getHexData: 21db50b02cbdbe2dffa74a73ca0d47ba47a14ca325a38d59243451f3248fd830
[10/07 20:35:52:631] [7232] Database: open encryptionKey: 21db50b02cbdbe2dffa74a73ca0d47ba47a14ca325a38d59243451f3248fd830 ([33, -37, 80, -80, 44, -67, -66, 45, -1, -89, 74, 115, -54, 13, 71, -70, 71, -95, 76, -93, 37, -93, -115, 89, 36, 52, 81, -13, 36, -113, -40, 48])
[10/07 20:35:52:633] [7232] Sync: PRAGMA keyis: PRAGMA key = “x’21db50b02cbdbe2dffa74a73ca0d47ba47a14ca325a38d59243451f3248fd830’”
[10/07 20:35:52:636] [7232] Sync: PRAGMA cipher_version: 4.4.0 community
[10/07 20:35:52:637] [7232] Sync: ******** settings before calling PRAGMA cipher_compatibility = 3; is *****
[10/07 20:35:52:637] [7232] Sync: PRAGMA cipher_settings: PRAGMA kdf_iter = 256000;
[10/07 20:35:52:638] [7232] Sync: PRAGMA cipher_hmac_algorithm: HMAC_SHA512
[10/07 20:35:52:638] [7232] Sync: PRAGMA cipher_provider_version: OpenSSL 1.1.1g 21 Apr 2020
[10/07 20:35:52:638] [7232] Sync: PRAGMA cipher_kdf_algorithm: PBKDF2_HMAC_SHA512
[10/07 20:35:52:638] [7232] Sync: PRAGMA cipher_page_size: 4096
[10/07 20:35:52:638] [7232] Sync: ******** settings after calling PRAGMA cipher_compatibility = 3; is *****
[10/07 20:35:52:639] [7232] Sync: PRAGMA cipher_compatibility = 3; done
[10/07 20:35:52:639] [7232] Sync: PRAGMA cipher_settings: PRAGMA kdf_iter = 64000;
[10/07 20:35:52:639] [7232] Sync: PRAGMA cipher_hmac_algorithm: HMAC_SHA1
[10/07 20:35:52:639] [7232] Sync: PRAGMA cipher_provider_version: OpenSSL 1.1.1g 21 Apr 2020
[10/07 20:35:52:639] [7232] Sync: PRAGMA cipher_kdf_algorithm: PBKDF2_HMAC_SHA1
[10/07 20:35:52:639] [7232] Sync: PRAGMA cipher_page_size: 1024
[10/07 20:35:52:640] [7232] Sync: ******** forcing settings using PRAGMA *****
[10/07 20:35:52:640] [7232] Sync: PRAGMA cipher_settings: PRAGMA kdf_iter = 64000;
[10/07 20:35:52:640] [7232] Sync: PRAGMA cipher_hmac_algorithm: HMAC_SHA1
[10/07 20:35:52:640] [7232] Sync: PRAGMA cipher_provider_version: OpenSSL 1.1.1g 21 Apr 2020
[10/07 20:35:52:640] [7232] Sync: PRAGMA cipher_kdf_algorithm: PBKDF2_HMAC_SHA1
[10/07 20:35:52:647] [7232] Sync: PRAGMA cipher_page_size: 1024
[10/07 20:35:52:654] [7232] Sync: SELECT count() FROM sqlite_master done
[10/07 20:35:52:656] [7232] Database: SQLiteStorageEngine {database=78ba76f}: Opened Android sqlite db
[10/07 20:35:52:657] [7232] Sync: PRAGMA keyis: PRAGMA key = “x’21db50b02cbdbe2dffa74a73ca0d47ba47a14ca325a38d59243451f3248fd830’”
[10/07 20:35:52:658] [7232] Sync: PRAGMA cipher_version: 4.4.0 community
[10/07 20:35:52:658] [7232] Sync: ******** settings before calling PRAGMA cipher_compatibility = 3; is *****
[10/07 20:35:52:658] [7232] Sync: PRAGMA cipher_settings: PRAGMA kdf_iter = 256000;
[10/07 20:35:52:659] [7232] Sync: PRAGMA cipher_hmac_algorithm: HMAC_SHA512
[10/07 20:35:52:659] [7232] Sync: PRAGMA cipher_provider_version: OpenSSL 1.1.1g 21 Apr 2020
[10/07 20:35:52:659] [7232] Sync: PRAGMA cipher_kdf_algorithm: PBKDF2_HMAC_SHA512
[10/07 20:35:52:659] [7232] Sync: PRAGMA cipher_page_size: 4096
[10/07 20:35:52:659] [7232] Sync: ******** settings after calling PRAGMA cipher_compatibility = 3; is *****
[10/07 20:35:52:659] [7232] Sync: PRAGMA cipher_compatibility = 3; done
[10/07 20:35:52:659] [7232] Sync: PRAGMA cipher_settings: PRAGMA kdf_iter = 64000;
[10/07 20:35:52:660] [7232] Sync: PRAGMA cipher_hmac_algorithm: HMAC_SHA1
[10/07 20:35:52:660] [7232] Sync: PRAGMA cipher_provider_version: OpenSSL 1.1.1g 21 Apr 2020
[10/07 20:35:52:660] [7232] Sync: PRAGMA cipher_kdf_algorithm: PBKDF2_HMAC_SHA1
[10/07 20:35:52:660] [7232] Sync: PRAGMA cipher_page_size: 1024
[10/07 20:35:52:660] [7232] Sync: ******** forcing settings using PRAGMA *****
[10/07 20:35:52:661] [7232] Sync: PRAGMA cipher_settings: PRAGMA kdf_iter = 64000;
[10/07 20:35:52:661] [7232] Sync: PRAGMA cipher_hmac_algorithm: HMAC_SHA1
[10/07 20:35:52:661] [7232] Sync: PRAGMA cipher_provider_version: OpenSSL 1.1.1g 21 Apr 2020
[10/07 20:35:52:661] [7232] Sync: PRAGMA cipher_kdf_algorithm: PBKDF2_HMAC_SHA1
[10/07 20:35:52:662] [7232] Sync: PRAGMA cipher_page_size: 1024
[10/07 20:35:52:665] [7232] Sync: SELECT count(
) FROM sqlite_master done
[10/07 20:35:52:667] [7232] Database: deviceSharingPhase2 Thread Begin transaction (level 0)
[10/07 20:35:52:668] [7232] Database: calls optimizeSQLIndexes()
[10/07 20:35:52:669] [7232] Database: deviceSharingPhase2 Thread Begin transaction (level 1)
[10/07 20:35:52:670] [7232] Database: com.couchbase.lite.store.SQLiteStore$10@d554b8b: Optimizing SQL indexes (curSeq=835, last run at 0)
[10/07 20:35:52:702] [7232] Database: deviceSharingPhase2 Thread Committing transaction (level 1)
[10/07 20:35:52:703] [7232] Database: deviceSharingPhase2 Thread Committing transaction (level 0)
[10/07 20:35:52:717] [7232] Database: No pending doc expirations
[10/07 20:35:52:721] [7232] Database: changeEncryptionKey newKeyOrPassword: NITHIN
[10/07 20:35:52:721] [7232] Database: createSymmetricKey keyOrPassword: NITHIN
[10/07 20:35:52:756] [7232] Database: createSymmetricKey rawKey string: �ۻ������a7ԅ�
��=“w%)jJ�%7j��M
[10/07 20:35:52:757] [7232] Database: createSymmetricKey SymmetricKey string: a8dbbb988d988685b16137d485960d90b13d227725296a4aef251a376a96e44d ([-88, -37, -69, -104, -115, -104, -122, -123, -79, 97, 55, -44, -123, -106, 13, -112, -79, 61, 34, 119, 37, 41, 106, 74, -17, 37, 26, 55, 106, -106, -28, 77])
[10/07 20:35:52:757] [7232] Database: createSymmetricKey SymmetricKey getHexData: a8dbbb988d988685b16137d485960d90b13d227725296a4aef251a376a96e44d
[10/07 20:35:52:757] [7232] Database: changeEncryptionKey newKey: a8dbbb988d988685b16137d485960d90b13d227725296a4aef251a376a96e44d ([-88, -37, -69, -104, -115, -104, -122, -123, -79, 97, 55, -44, -123, -106, 13, -112, -79, 61, 34, 119, 37, 41, 106, 74, -17, 37, 26, 55, 106, -106, -28, 77])
[10/07 20:35:52:757] [7232] Database: changeEncryptionKey EncryptableStore actionToChangeEncryptionKey start
[10/07 20:35:52:757] [7232] Database: Open in TOP LEVEL actionToChangeEncryptionKey inside start
[10/07 20:35:52:758] [7232] Sync: moveAndReplaceFilestart start
[10/07 20:35:52:759] [7232] Sync: moveAndReplaceFilestart end
[10/07 20:35:52:759] [7232] Database: Open in TOP LEVEL actionToChangeEncryptionKey inside END
[10/07 20:35:52:759] [7232] Database: changeEncryptionKey EncryptableStore actionToChangeEncryptionKey end
[10/07 20:35:52:759] [7232] Database: changeEncryptionKey attachments actionToChangeEncryptionKey start
[10/07 20:35:52:761] [7232] Sync: moveAndReplaceFilestart start
[10/07 20:35:52:761] [7232] Sync: moveAndReplaceFilestart end
[10/07 20:35:52:761] [7232] Database: changeEncryptionKey attachments actionToChangeEncryptionKey end
[10/07 20:35:52:762] [7232] Database: Open in actionToChangeEncryptionKey Create & attach start newKey: a8dbbb988d988685b16137d485960d90b13d227725296a4aef251a376a96e44d
[10/07 20:35:52:769] [7232] Sync: PRAGMA keyis: PRAGMA key = “x’21db50b02cbdbe2dffa74a73ca0d47ba47a14ca325a38d59243451f3248fd830’”
[10/07 20:35:52:770] [7232] Sync: PRAGMA cipher_version: 4.4.0 community
[10/07 20:35:52:771] [7232] Sync: ******** settings before calling PRAGMA cipher_compatibility = 3; is *****
[10/07 20:35:52:771] [7232] Sync: PRAGMA cipher_settings: PRAGMA kdf_iter = 256000;
[10/07 20:35:52:771] [7232] Sync: PRAGMA cipher_hmac_algorithm: HMAC_SHA512
[10/07 20:35:52:771] [7232] Sync: PRAGMA cipher_provider_version: OpenSSL 1.1.1g 21 Apr 2020
[10/07 20:35:52:771] [7232] Sync: PRAGMA cipher_kdf_algorithm: PBKDF2_HMAC_SHA512
[10/07 20:35:52:772] [7232] Sync: PRAGMA cipher_page_size: 4096
[10/07 20:35:52:772] [7232] Sync: ******** settings after calling PRAGMA cipher_compatibility = 3; is *****
[10/07 20:35:52:772] [7232] Sync: PRAGMA cipher_compatibility = 3; done
[10/07 20:35:52:772] [7232] Sync: PRAGMA cipher_settings: PRAGMA kdf_iter = 64000;
[10/07 20:35:52:772] [7232] Sync: PRAGMA cipher_hmac_algorithm: HMAC_SHA1
[10/07 20:35:52:772] [7232] Sync: PRAGMA cipher_provider_version: OpenSSL 1.1.1g 21 Apr 2020
[10/07 20:35:52:773] [7232] Sync: PRAGMA cipher_kdf_algorithm: PBKDF2_HMAC_SHA1
[10/07 20:35:52:773] [7232] Sync: PRAGMA cipher_page_size: 1024
[10/07 20:35:52:773] [7232] Sync: ******** forcing settings using PRAGMA *****
[10/07 20:35:52:773] [7232] Sync: PRAGMA cipher_settings: PRAGMA kdf_iter = 64000;
[10/07 20:35:52:773] [7232] Sync: PRAGMA cipher_hmac_algorithm: HMAC_SHA1
[10/07 20:35:52:774] [7232] Sync: PRAGMA cipher_provider_version: OpenSSL 1.1.1g 21 Apr 2020
[10/07 20:35:52:774] [7232] Sync: PRAGMA cipher_kdf_algorithm: PBKDF2_HMAC_SHA1
[10/07 20:35:52:774] [7232] Sync: PRAGMA cipher_page_size: 1024
[10/07 20:35:52:776] [7232] Sync: SELECT count(*) FROM sqlite_master done
[10/07 20:35:52:783] [7232] Database: Open in actionToChangeEncryptionKey Create & attach end
[10/07 20:35:52:784] [7232] Database: execute in actionToChangeEncryptionKey sqlcipher_export(‘rekeyed_db’) start
[10/07 20:35:53:272] [7232] Database: execute in actionToChangeEncryptionKey sqlcipher_export(‘rekeyed_db’) end storageEngine.getVersion(): 102
[10/07 20:35:53:273] [7232] Database: execute in actionToChangeEncryptionKey Close the database (and re-open it on cleanup) start
[10/07 20:35:53:277] [7232] Database: execute in actionToChangeEncryptionKey Close the database (and re-open it on cleanup) end
[10/07 20:35:53:278] [7232] Database: BlobStore No blobs Perform newKey: a8dbbb988d988685b16137d485960d90b13d227725296a4aef251a376a96e44d ([-88, -37, -69, -104, -115, -104, -122, -123, -79, 97, 55, -44, -123, -106, 13, -112, -79, 61, 34, 119, 37, 41, 106, 74, -17, 37, 26, 55, 106, -106, -28, 77])
[10/07 20:35:53:279] [7232] Database: BlobStore: encrypting /data/user/0/com.abc.company/files/mydb.cblite2/attachments
[10/07 20:35:53:279] [7232] Database: BlobStore: BlobStore should be encrypted; do it now START…
[10/07 20:35:53:279] [7232] Database: BlobStore No blobs newKey: a8dbbb988d988685b16137d485960d90b13d227725296a4aef251a376a96e44d ([-88, -37, -69, -104, -115, -104, -122, -123, -79, 97, 55, -44, -123, -106, 13, -112, -79, 61, 34, 119, 37, 41, 106, 74, -17, 37, 26, 55, 106, -106, -28, 77])
[10/07 20:35:53:279] [7232] Database: BlobStore: encrypting /data/user/0/com.abc.company/cache/2890c288-ab1c-4bdf-ae92-898c369a0ed0
[10/07 20:35:53:280] [7232] Database: BlobStore: No blobs to copy; done.
[10/07 20:35:53:280] [7232] Database: BlobStore: BlobStore should be encrypted; do it now END…
[10/07 20:35:53:280] [7232] Database: BlobStore: Copying /data/user/0/com.abc.company/files/mydb.cblite2/attachments/182707F704FE4A1050E288C31B5128C2370C668D.blob
[10/07 20:35:53:288] [7232] Database: BlobStore Finally update encryptionKey newKey: a8dbbb988d988685b16137d485960d90b13d227725296a4aef251a376a96e44d ([-88, -37, -69, -104, -115, -104, -122, -123, -79, 97, 55, -44, -123, -106, 13, -112, -79, 61, 34, 119, 37, 41, 106, 74, -17, 37, 26, 55, 106, -106, -28, 77])
[10/07 20:35:53:288] [7232] Database: changeEncryptionKey registerEncryptionKey start
[10/07 20:35:53:288] [7232] Database: changeEncryptionKey registerEncryptionKey end
[10/07 20:35:53:289] [7232] Database: Open in actionToChangeEncryptionKey Cleanup start
[10/07 20:35:53:290] [7232] Sync: PRAGMA keyis: PRAGMA key = “x’a8dbbb988d988685b16137d485960d90b13d227725296a4aef251a376a96e44d’”
[10/07 20:35:53:291] [7232] Sync: PRAGMA cipher_version: 4.4.0 community
[10/07 20:35:53:291] [7232] Sync: ******** settings before calling PRAGMA cipher_compatibility = 3; is *****
[10/07 20:35:53:291] [7232] Sync: PRAGMA cipher_settings: PRAGMA kdf_iter = 256000;
[10/07 20:35:53:291] [7232] Sync: PRAGMA cipher_hmac_algorithm: HMAC_SHA512
[10/07 20:35:53:291] [7232] Sync: PRAGMA cipher_provider_version: OpenSSL 1.1.1g 21 Apr 2020
[10/07 20:35:53:292] [7232] Sync: PRAGMA cipher_kdf_algorithm: PBKDF2_HMAC_SHA512
[10/07 20:35:53:292] [7232] Sync: PRAGMA cipher_page_size: 4096
[10/07 20:35:53:292] [7232] Sync: ******** settings after calling PRAGMA cipher_compatibility = 3; is *****
[10/07 20:35:53:292] [7232] Sync: PRAGMA cipher_compatibility = 3; done
[10/07 20:35:53:292] [7232] Sync: PRAGMA cipher_settings: PRAGMA kdf_iter = 64000;
[10/07 20:35:53:292] [7232] Sync: PRAGMA cipher_hmac_algorithm: HMAC_SHA1
[10/07 20:35:53:293] [7232] Sync: PRAGMA cipher_provider_version: OpenSSL 1.1.1g 21 Apr 2020
[10/07 20:35:53:293] [7232] Sync: PRAGMA cipher_kdf_algorithm: PBKDF2_HMAC_SHA1
[10/07 20:35:53:293] [7232] Sync: PRAGMA cipher_page_size: 1024
[10/07 20:35:53:293] [7232] Sync: ******** forcing settings using PRAGMA *****
[10/07 20:35:53:293] [7232] Sync: PRAGMA cipher_settings: PRAGMA kdf_iter = 64000;
[10/07 20:35:53:293] [7232] Sync: PRAGMA cipher_hmac_algorithm: HMAC_SHA1
[10/07 20:35:53:293] [7232] Sync: PRAGMA cipher_provider_version: OpenSSL 1.1.1g 21 Apr 2020
[10/07 20:35:53:294] [7232] Sync: PRAGMA cipher_kdf_algorithm: PBKDF2_HMAC_SHA1
[10/07 20:35:53:294] [7232] Sync: PRAGMA cipher_page_size: 1024
[10/07 20:35:53:294] [7232] Sync: Decrypting database failed maybe cipher upgrade or key wrong
[10/07 20:35:53:296] [7232] Database: Unauthorized to open the SQLite database
[10/07 20:35:53:296] [7232] Database: Unable to create a storage enginePreformatted text

db.zip (636.2 KB)

@developernotes Please confirm if this use case is pass in your test suite?

Hi @Nithin_SC

The database you provided can be opened with SQLCipher 4 default settings using a raw key.

Thanks @developernotes
I was not able to enter raw key sqlite browser any reason for that? Should I use command line tool?

So the exported sqlcipher_export made my db to sqlchipher 4.0 settings? How do I force it to have sqlchipher 3.0 settings. ?
I did try pragma custom settings 3.0 after open DB before create attach.Please See logs at

[10/07 20:35:52:773] [7232] Sync: ******** forcing settings using PRAGMA *****

Hello @Nithin_SC - If you want SQLCipher to use version 3 settings across the board, I would suggest that you call PRAGMA cipher_default_compatibility=3 as soon as the database connection is opened and prior to the initial keying. This will cause all SQLCipher to use version 3 settings as the default, including when attaching a database (e.g. for export).

1 Like

Hi @Nithin_SC

You can use the SQLCipher command line shell with the raw key.

  • OpenSSL - EDIPARTYNAME NULL pointer de-reference

@developernotes @sjlombardo Please confirm SQLCipher 4.4.0 with openssl 1.1.1g performs any of the following actions:

  * Direct call to General_Name_cmp, TS_RESP_verify_response and TS_RESP_verify_token
  * Any action that involves a x509 CRL **(certificate revocation list) including the use of Online Certificate Status Protocol (OSCP)**
    * Possible sign of this is the enabling this param `X509_V_FLAG_CRL_CHECK`