PRAGMA cipher_migrate not working on xamarin iOS

[gasparecoolshop]

Hi @ericsink, I have some problem with the PRAGMA cipher_migrate on iOS xamarin forms app.

My previous app references were this:

<PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="2.2.6" />
<PackageReference Include="SQLitePCLRaw.bundle_sqlcipher" Version="1.1.12" />

I updated them with this:

<PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="3.1.19" />
<PackageReference Include="SQLitePCLRaw.bundle_e_sqlcipher" Version="2.0.2" />

The cipher_migrate is not migrating correctly as it seems the database created with the sqlcipher3 version is not using the default encryption settings, I don't know why because I used the default settings.

Here there is a little repo to reproduce the issue (there are two xamarin projects, one with netCore2.1 libs and one with netCore3.1 libs): https://github.com/gasparecoolshop/sqlcipher_migrate_test

I tried to look at the pragma keys relative to the encryption setting and I found that page_size is 4096 on sqlcipher3, same as sqlcipher4, the other keys relative to HMAC and KDF algorithm return an empty value on sqlcipher3 and the default value on sqlcipher4.

Is it possible that previous versions of sqlcipher bundle were using non-default settings on iOS?

N.B.: cipher_compatibility is not working as well.

Thank you

[ericsink]

I can't be of much help on problems related to SQLCipher. I usually suggest folks get help by purchasing the official supported builds from Zetetic. I do know that sqlcipher 3 and 4 are not compatible by default, and something needs to be done to remedy that. I'm not familiar with cipher_migrate, but it sounds related, so maybe you're already on that track.

Another thing I noticed is that you're jumping from SQLitePCLRaw 1.x to 2.x, and you may encounter other problems due to a few minor breaking changes involved with that transition.

https://github.com/ericsink/SQLitePCL.raw/blob/master/v2.md

[sjlombardo]

Hello @gasparecoolshop. I took a look at the project you posted. I believe the problem here is that the application is not actually using SQLCipher. The dependency in the lib project on Microsoft.EntityFrameworkCore.Sqlite (instead of Microsoft.EntityFrameworkCore.Sqlite.Core) and the fact that you don't have any dependency on SQLitePCLRaw.bundle_sqlcipher in your actual application project are causing the system installed version of SQLite to be used instead.

We have previously identified that iOS versions 13+ include some undocumented encryption functionality. It is not SQLCipher, but does respond to PRAGMA key. You can test this yourself by checking PRAGMA cipher_version;. If a result set isn't returned from that statement, then SQLCipher is not being used at runtime. In that case the system library is being used unintentionally so the database would be encrypted with whatever iOS is providing on iOS 13+, or completely unencrypted on lower versions of iOS.

Circling back to SQLCipher, if the database is not encrypted using SQLCipher, the library doesn't know how to open it and can't upgrade using PRAGMA cipher_migrate.