Which algorithm is used?

[sergicastellsague]

I can see in the brief documentation, that AES is used, but which Mode of operation? (http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation)

Thanks.

[developernotes]

Hi @sergicastellsague

The default mode is CBC, though the algorithm, key size and mode can be changed with the PRAGMA cipher command.

[sergicastellsague]

Hello @developernotes ,

Thanks for the reply. The link you provided looks like a raw query to SQLite database file.

Is it as "easy" as:

File databaseFile = getDatabasePath( "demo.db" );
        databaseFile.mkdirs();
        databaseFile.delete();

        database.execSQL("PRAGMA cipher = 'aes-256-ofb'");

?

And are all modes supported? In your documentation you state that you do not recommend changing it. For any concret reason?

[developernotes]

Hello @sergicastellsague

The PRAGMA cipher command in this case would need to be run within the postKey event of a SQLiteDatabaseHook. An example of this can be found in the test suite here.

We generally do not recommend changing the default cipher unless you have a good reason to do so. The justification is most easily explained by flipping the question around, i.e. what is the benefit of changing the cipher? We have selected secure settings by default, and adjusting the cipher used could introduce compatibility issues in the future. Thus, unless there is a compelling reason, it is best to use the default values. For reference, a few alternate cipher modes are used in the standard SQLCipher test cases for validation of the features. To get a listing of options, you can run the following from a command prompt:

openssl -enc --help