I am able to create an encrypted database using pysqlcipher, and open it with pysqlcipher, but somehow I cannot open the same database using the sqlcipher command0line tool installed on Mac OS X when installing sqlcipher from source. For installation, I followed the steps listed here: https://github.com/leapcode/pysqlcipher/issues/17#issuecomment-113776360 and the versions of libsqlcipher should therefore be the same in both cases.
Test script
from pysqlcipher import dbapi2 as sqlite
conn = sqlite.connect('test.db')
c = conn.cursor()
c.execute("PRAGMA key='test'")
c.execute('''create table stocks (date text, trans text, symbol text, qty real, price real)''')
c.execute("""insert into stocks values ('2006-01-05','BUY','RHAT',100,35.14)""")
conn.commit()
c.close()
conn = sqlite.connect('test.db')
c = conn.cursor()
c.execute("PRAGMA key='test'")
c.execute("SELECT * FROM stocks;")
print(c.fetchall())
c.close()
Output
$ python ciphertest.py
[(u'2006-01-05', u'BUY', u'RHAT', 100.0, 35.14)]
This part is as expected. Output of hexdump also confirms that the database is, in fact, encrypted:
$ hexdump -C test.db
00000000 65 17 e3 50 08 b6 5c 94 d5 18 10 f1 61 cc 4f 04 |e..P..\.....a.O.|
00000010 18 02 37 43 15 fc 17 b9 36 e4 3c 55 0a 95 db 80 |..7C....6.<U....|
00000020 37 6e f3 71 97 7e 69 e7 61 81 33 c7 24 68 80 80 |7n.q.~i.a.3.$h..|
00000030 32 b1 b0 27 6a 19 22 31 50 29 16 96 48 9b 63 16 |2..'j."1P)..H.c.|
00000040 e2 6a de 7b c8 0b 1d bf ba 48 29 6c 41 4d 73 36 |.j.{.....H)lAMs6|
00000050 24 19 25 11 66 60 5d 89 e6 d6 d3 07 66 d2 7a 34 |$.%.f`].....f.z4|
00000060 c3 7b f8 e4 3f 41 d2 3c ab 28 fb 65 9c 6d 88 e2 |.{..?A.<.(.e.m..|
00000070 3f 4a d7 e3 89 50 04 e7 24 36 64 a8 49 65 88 db |?J...P..$6d.Ie..|
Now, I attempt to open the test.db file using the sqlcipher command-line tool:
$ sqlcipher test.db
SQLCipher version 3.8.8.3 2015-02-25 13:29:11
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> PRAGMA key='test';
sqlite> SELECT * FROM stocks;
Error: file is encrypted or is not a database
As a final test, I created an encrypted database from the sqlcipher command-line tool, using the same key. I would expect this database to be exactly the same as the one created by the Python script (is this a reasonable expectation? Maybe they could be different):
$ sqlcipher test2.db
SQLCipher version 3.8.8.3 2015-02-25 13:29:11
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> PRAGMA key='test';
sqlite> create table stocks (date text, trans text, symbol text, qty real, price real);
sqlite> insert into stocks values ('2006-01-05','BUY','RHAT',100,35.14)
...> ;
sqlite> .q
A hexdump confirms that they are not the same:
$ hexdump -C test2.db
00000000 9e 08 4c 64 cb 31 05 b0 f7 73 ce 96 9a 22 72 1c |..Ld.1...s..."r.|
00000010 7f 3f 59 a6 58 7f 5b ff 18 b1 86 03 93 4d f4 8b |.?Y.X.[......M..|
00000020 08 41 66 16 67 a4 cf d8 e3 7d c0 ca 62 df 3f 37 |.Af.g....}..b.?7|
00000030 82 82 65 10 f6 69 a4 68 25 cb c7 32 33 4c 89 70 |..e..i.h%..23L.p|
00000040 1d d9 fe 4d ae eb 73 67 77 13 c9 a5 3e 5e ad a6 |...M..sgw...>^..|
00000050 77 dc b9 62 63 ed f5 41 ad 93 d7 08 11 d7 9e 4f |w..bc..A.......O|
00000060 85 55 e7 2e 2a e8 8e 46 e0 4d 02 e2 75 ec c7 51 |.U..*..F.M..u..Q|
00000070 9d b7 9e 2a 91 b9 fd a7 de 2f 12 4b 2f 47 e5 cc |...*...../.K/G..|
I'm not sure whether this is an error on my side, or a problem with the pysqlcipher library. I opened an issue to be safe, but any advice would be greatly appreciated!
I have done something that analogous to yours.
In recent version of sqlcipher such as 3.1.0 or 3.3.0, it's cipher_default_kdf_iter is 64000. But my pysqlcipher's, maybe as well as yours, is 4000. So you could execute sql like "PRAGMA cipher_default_kdf_iter = 4000;" in you sqlcipher.exe. Hope that can help you.