1

I am using SQLCipher v3.5.7 and observed unexpected behavior from SQLiteDatabase with an incorrect password.

  1. I encrypted the database with "key1".
  2. Closed the database connection.
  3. Then I tried to open my database with "key2". SQLiteDatabase does not throw an exception. Instead, it updates the old password (key1) to the new password (key2). I verified this by opening the .db file in SQLiteBrowser.

Can somebody help me understand why it is behaving this way?

private static SQLiteCipherDatabaseHelper createDBConnection(Context context, String databasePath, final String key) throws SQLiteDatabaseException {
    if (dbInstance == null) {
        dbInstance = new SQLiteCipherDatabaseHelper(context, databasePath);

        String path = context.getDatabasePath(databasePath).getPath();
        File dbPathFile = new File(path);
        if (!dbPathFile.exists()) {
            dbPathFile.getParentFile().mkdirs();
        }

        setDatabaseWithDBEncryption(key);
    }
    return dbInstance;
}

private static void setDatabaseWithDBEncryption(String encryptionKey) throws SQLiteDatabaseException {
    loadSQLCipherLibs();
    try {
        sqliteDatabase = SQLiteDatabase.openOrCreateDatabase(new File(context.getDatabasePath(databasePath).getPath()), encryptionKey, null);
    } catch (Exception e) {
        SyncLogger.getSharedInstance().logFatal("SQLiteCipherDatabaseHelper", "Failed to open or create database. Please provide a valid encryption key");
        throw new SQLiteDatabaseException(SyncErrorCodes.EC_DB_SQLCIPHER_FAILED_TO_OPEN_OR_CREATE_DATABASE, SyncErrorDomains.ED_OFFLINE_OBJECTS, SyncErrorMessages.EM_DB_SQLCIPHER_FAILED_TO_OPEN_OR_CREATE_DATABASE, e);
    }
}
Cœur
elsa

2 Answers

0

Have you upgraded your db version?

private static final int DATABASE_VERSION = 2; // from 1 to 2

private static class OpenHelper extends SQLiteOpenHelper {
    // constructor
    OpenHelper(Context context) {
        super(context, DATABASE_NAME, null, DATABASE_VERSION);
    }

    @Override
    public void onCreate(SQLiteDatabase db) {
    }

    @Override
    public void onUpgrade(SQLiteDatabase db, int oldVersion, int newVersion) {
        // Changes in db mentioned here
    }
}
jakir hussain
0

Are you actually populating the database with tables and data after keying it? It seems most likely that for some reason you are recreating the database each time you run the test. Have you verified that the actual database is encrypted by pulling it off the device and examining the file? Perhaps you are recreating a new database each time you run the test, in which case the new key would just be used.

It's worth noting that this behavior is covered in the SQLCipher for Android Test project.

https://github.com/sqlcipher/sqlcipher-android-tests/blob/master/src/main/java/net/zetetic/tests/InvalidPasswordTest.java

If you suspect an issue you can try running the test suite on your device, or create a new test case to verify the behavior with your own code.

Stephen Lombardo
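The file check suggested in the answer above, as an added example that is not part of the original posts or of the SQLCipher project: a plain-Java (9+) probe to run on a database file pulled off the device. It relies on the fact that an unencrypted SQLite 3 file starts with the 16-byte string "SQLite format 3\0", while a SQLCipher file encrypted with default settings does not, because its first 16 bytes hold the salt. The class name `DbFileProbe` is hypothetical and the sample files are constructed in a temp directory.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.SecureRandom;
import java.util.Arrays;

public class DbFileProbe {
    enum State { MISSING, EMPTY, PLAINTEXT_SQLITE, OPAQUE }

    // Every unencrypted SQLite 3 file starts with these 16 bytes.
    private static final byte[] MAGIC =
            "SQLite format 3\0".getBytes(StandardCharsets.US_ASCII);

    static State probe(Path db) throws IOException {
        if (!Files.exists(db)) return State.MISSING; // openOrCreateDatabase would create it with any key
        if (Files.size(db) == 0) return State.EMPTY; // nothing to decrypt yet, so any key is accepted
        byte[] head = new byte[MAGIC.length];
        try (InputStream in = Files.newInputStream(db)) {
            int n = in.readNBytes(head, 0, head.length);
            if (n == MAGIC.length && Arrays.equals(head, MAGIC)) return State.PLAINTEXT_SQLITE;
        }
        return State.OPAQUE; // no SQLite magic: consistent with an encrypted file
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample files, one per state the probe can report.
        Path dir = Files.createTempDirectory("probe");
        Path missing = dir.resolve("missing.db");
        Path empty = Files.createFile(dir.resolve("empty.db"));
        Path plain = dir.resolve("plain.db");
        byte[] page = new byte[1024];
        System.arraycopy(MAGIC, 0, page, 0, MAGIC.length);
        Files.write(plain, page);
        Path opaque = dir.resolve("opaque.db");
        byte[] random = new byte[1024]; // stands in for ciphertext
        new SecureRandom().nextBytes(random);
        Files.write(opaque, random);
        for (Path p : new Path[] { missing, empty, plain, opaque }) {
            System.out.println(p.getFileName() + " -> " + probe(p));
        }
    }
}
```

MISSING or EMPTY before the second open means there was no keyed database left to reject "key2", and PLAINTEXT_SQLITE means the file was never encrypted; only an OPAQUE file that already holds tables is a meaningful wrong-password test.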