Is there a correct way to test whether a user-provided SQLCipher password is valid on Android? -
i'm using sqlcipher android , trying determine correct way test whether user-provided password valid.
my first inclination try , open database given password, using sqlcipher implementation of sqliteopenhelper.getreadabledatabase(password)
, , catch sqliteexception
pops out.
this work, problem because android api wraps underlying c calls, lot of work - specifically, when open database using android api, opens database, runs native c-level sqlite3_key
method (with provided password), tries set locale on database, whether or not provided password correct.
at point, android library tries set locale, , underlying database throws "encrypted or not database" sqliteexception
, caught , rethrown; before is, unrelated error written logs, saying locale cannot set , database being closed (with included stack trace). because written android library, cannot suppress it, leaving ugly error in logs unrelated original problem, passed in wrong password.
because android library not expose c-level calls, can't use method described in sqlcipher api documentation regarding testing key, because don't have access directly open database.
i lean towards using sqlitedatabasehook
, best can tell, precludes use of sqliteopenhelper
, not appear provide way set hook.
does else know better way test whether input passphrase decrypts sqlcipher database through sqlcipher android api? expect call method , check exception being thrown - don't want operation try , perform extraneous processing (like set locale) on database , write insuppressible error logs.
sqlcipher android not know password have provided invalid following sqlite3_key
call, database key isn't used until sql command issued against database following sqlite3_key
, such setlocale(...)
method reference above. problem is, providing invalid key may 1 of possible other scenarios problem @ point first sql statement executed. corrupt data file, failed hmac check, or opening non database file result in same error message. detailed description of please review thread. best catch exception when attempting open database , handle accordingly within client application.
Comments
Post a Comment