Decrypt database using FMDB with SQLCipher, setkey with a wrong password always return YES

793 views Asked by At

FMDB version (2.6.2)

Problem: I am testing FMDB and SQLCipher, and find a tricky problem. I encrypt a db with password 'test001' successfully, and I export it and open the db with DB Brower, with 'test001' I open it without any problem. Then in Xcode I try to open the DB with password 'test002'(I do this to test if FMDB will tell me that I use a wrong password), however the setkey() return YES. I check db.lastErrorMessage, it returns nil, which means FMDB thinks I give the right key.Then I try to read data from the DB using executeQuery(), the function returns NO, and the NSLog shows 'file is encrypted or is not a database'.

Anyone has the same problem? Is it a bug of sqlite or I use it in a wrong way?

setkey() return YES

executeQuery() return NO due to decrypt error

1

There are 1 answers

1
Nick Parker On BEST ANSWER

The call to setKey(…)does not verify the password provided is valid for current database, rather it just causes the database to attach a codec context within SQLCipher. The next SQL command that you issue following the keying of the database will cause key derivation to occur (so long as you are not using a raw hex key), and will generally validate whether SQLCipher is able to use the key to access your database. We generally recommend you attempt to execute the following query to validate the password is valid as the sqlite_master table will always be present, regardless of your schema.

SELECT count(*) FROM sqlite_master;