Reputation: 5597
How to migrate a Room database from one encryption passphrase to another?
I ran into an issue where an application I'm working on has encryption enabled for the Room database, using SQLCipher, but the actual passphrase was not formed securely. I have the new, secure method of setting up new databases up and running, but there's a problem: how to migrate the existing database to use the new passphrase?
I have set up a method to check whether or not the database uses the unsecure passphrase, like so:
if (DatabaseEncryptor.isUnsecure()) {
// Old, unsecure database in use; should migrate to a secure one
}
// All should be good now, set up the secure support factory
builder.openHelperFactory(DatabaseEncryptor.getSupportFactory(context))
.fallbackToDesctructiveMigration()
Is it possible to just change the passphrase for the existing database? If not, how can the data be transferred from the old, unsecure database to the new, secure database?
Upvotes: 1
Views: 477
Answers (1)
Reputation: 5597
Found out that re-keying the database is rather straight-forward. Here's the solution I ended up using:
val dbFilePath = context.getDatabasePath(DATABASE_NAME)
if (dbFilePath.exists()) {
SQLiteDatabase.loadLibs(context)
val db = SQLiteDatabase.openDatabase(
dbFilePath.absolutePath,
OLD_PASSPHRASE,
null,
SQLiteDatabase.OPEN_READWRITE
)
if (db.isOpen) {
db.rawExecSQL("PRAGMA key = '${OLD_PASSPHRASE}'")
db.rawExecSQL("PRAGMA rekey = '${NEW_PASSPHRASE}'")
db.close()
}
}
Upvotes: 2
Related Questions
- Android Change password of encrypted Room DB with SQLCipher
- Migrating from Existing Room database to Sqlcipher
- Migration from SQLCipher V1 to Room DB V2 on App Update:
- How can I encrypt the existing Room database with sqlcipher?
- How to migrate Room db from 1 to 2?
- Room Database migration for all version
- Accessing old Room database in Room Migrations
- Room reset database if key doesn't match
- Migration room database, alter table, android?
- Room Database migration