我在Android上使用SQLCipher获取加密数据库。数据库获取默认密码,该密码基于某些硬编码值。用户还可以在应用程序上设置密码。当用户这样做时,我也想要更改SQLCipher使用的DB密码。我已经在StackerOverflow上发现了一些帖子,说我应该使用rekey。
目前我正在使用此代码,如建议的帖子
final DatabaseHelper helper = new DatabaseHelper(this);
final SQLiteDatabase db = helper.getWritableDatabase(oldPassword);
final String PRAGMA_KEY = String.format("PRAGMA key = \"%s\";", oldPassword);
final String PRAGMA_REKEY = String.format("PRAGMA rekey = \"%s\";", newPassword);
db.rawExecSQL("BEGIN IMMEDIATE TRANSACTION;");
db.rawExecSQL(PRAGMA_KEY);
db.rawExecSQL(PRAGMA_REKEY);
db.close();
但是当我尝试在密码更改后插入数据库时,我会收到此错误。
sqlite returned: error code = 26, msg = statement aborts at 1: [BEGIN EXCLUSIVE;] file is encrypted or is not a database
Failure 26 (file is encrypted or is not a database) on 0xb90048c0 when executing 'BEGIN EXCLUSIVE;'
FATAL EXCEPTION: IntentService[DBService]
Process: com.example, PID: 26502
net.sqlcipher.database.SQLiteException: file is encrypted or is not a database: BEGIN EXCLUSIVE;
at net.sqlcipher.database.SQLiteDatabase.native_execSQL(Native Method)
at net.sqlcipher.database.SQLiteDatabase.execSQL(SQLiteDatabase.java:1831)
at net.sqlcipher.database.SQLiteDatabase.beginTransactionWithListener(SQLiteDatabase.java:584)
at net.sqlcipher.database.SQLiteDatabase.beginTransaction(SQLiteDatabase.java:538)
at com.example.db.Provider.bulkInsert(OurProvider.java:196)
at android.content.ContentProvider$Transport.bulkInsert(ContentProvider.java:250)
at android.content.ContentResolver.bulkInsert(ContentResolver.java:1268)
at nl.qbusict.cupboard.ProviderCompartment.put(ProviderCompartment.java:158)
at com.example.db.DBUtils.saveObjects(DBUtils.java:32)
at com.example.services.DBService.getDataFromAPI(DBService.java:119)
at com.example.services.DBService.onHandleIntent(DBService.java:48)
at android.app.IntentService$ServiceHandler.handleMessage(IntentService.java:65)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:135)
at android.os.HandlerThread.run(HandlerThread.java:61)
我检查了原始密码和新密码之前和之后的所有相同内容。我还尝试添加db.rawExecSQL("END;");和db.rawExecSQL("COMMIT;");,但这并没有帮助。另外,当我更改密码时,我会看到error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt的日志消息。不知道这与它有什么关系吗?
public class OurProvider extends ContentProvider {
@Override
public int bulkInsert(Uri uri, ContentValues[] values) {
synchronized (LOCK) {
SQLiteDatabase db = getDatabase().getWritableDatabase(getPassword());
final String table = getTableString(uri);
db.beginTransaction();
int rowsInserted = 0;
try {
for (ContentValues value : values) {
db.insertWithOnConflict(table, null, value, SQLiteDatabase.CONFLICT_REPLACE);
rowsInserted++;
}
db.setTransactionSuccessful();
} catch (Exception e) {
Crashlytics.logException(e);
Log.d(TAG, Log.getStackTraceString(e));
rowsInserted = -1;
} finally {
db.endTransaction();
if (rowsInserted > 0) {
getContext().getContentResolver().notifyChange(uri, null);
}
}
return rowsInserted;
}
}
private String getPassword() {
final String password = Base64.encodeToString(OurApplication.getEncryptionKey().getEncoded(), Base64.DEFAULT);
Log.e("SQLCipher_OurProvider", "SQLCipher password: " + password);
return password;
}
private void initDb() {
SQLiteDatabase.loadLibs(getContext());
mDatabaseHelper = new DatabaseHelper(getContext());
}
public DatabaseHelper getDatabase() {
if (mDatabaseHelper == null) {
initDb();
}
return mDatabaseHelper;
}
}
public class DBService extends IntentService {
private void updatePasscode(Intent intent) {
final SecretKey oldKey = OurApplication.getEncryptionKey();
final String encryptedString = SecurePrefs.getEncryptedString(PrefKeys.ENC_CONFIRM);
if (!TextUtils.isEmpty(encryptedString)) {
String decryptedString = Crypto.decrypt(oldKey, encryptedString);
// check if the oldkey can decrypt the confirmation string.
if (BaseActivity.CONFIRM_STRING.equals(decryptedString)) {
String pin = intent.getStringExtra(KEY_PASSCODE);
if (pin.equals(PasscodeActivity.REMOVE_PIN)) {
pin = null;
}
final SecretKey newKey = SecurityUtil.generateKey(this, pin);
final String accessToken = getUserAccessToken();
final String refreshToken = SecurePrefs.getString(PrefKeys.USER_REFRESH_TOKEN);
final String email = SecurePrefs.getString(PrefKeys.USER_ID);
final String confirmEncrypted = SecurePrefs.getString(PrefKeys.ENC_CONFIRM);
// set the newly generated string in the application.
OurApplication.setEncryptionKey(newKey);
// clear the old encrypted prefs. save the values with the new encryption key.
SecurePrefs.clear();
SecurePrefs.putString(PrefKeys.USER_ACCESS_TOKEN, accessToken);
SecurePrefs.putString(PrefKeys.USER_REFRESH_TOKEN, refreshToken);
SecurePrefs.putString(PrefKeys.USER_ID, email);
SecurePrefs.putString(PrefKeys.ENC_CONFIRM, confirmEncrypted);
// update de encryption key in the database.
final String oldPassword = Base64
.encodeToString(oldKey.getEncoded(), Base64.DEFAULT);
final String newPassword = Base64
.encodeToString(newKey.getEncoded(), Base64.DEFAULT);
final String PRAGMA_KEY = String.format("PRAGMA key = \"%s\";", oldPassword);
final String PRAGMA_REKEY = String.format("PRAGMA rekey = \"%s\";", newPassword);
final DatabaseHelper helper = new DatabaseHelper(this);
final SQLiteDatabase db = helper.getWritableDatabase(oldPassword);
db.rawExecSQL("BEGIN IMMEDIATE TRANSACTION;");
db.rawExecSQL(PRAGMA_KEY);
db.rawExecSQL(PRAGMA_REKEY);
db.close();
sendBroadcast(IntentUtil.createBroadcastPasscodeUpdated());
}
}
}
}
答案 0 :(得分:1)
您不应该开始交易(处理internally并略有不同),也不需要执行代码的PRAGMA key='…';部分。您可以通过调用getWritableDatabase(…);打开数据库,然后执行PRAGMA rekey='…';命令。
答案 1 :(得分:1)
我也遇到了这个问题,原因是数据库首先没有加密,因此PRAGMA key = <new_key>或PRAGMA rekey = <new_key>失败了。因此,oldPassword不能为空或空。