Use cipher_default_* PRAGMAs when attaching an encrypted database

When attaching an SQLCipher encrypted database we need to set the page size, KDF iterations, and HMAC and KDF algorithms. This needs to be done before actually attaching the database but we tried to do it afterwards which silently fails until the first statement is executed on the attached database. This commit modifies the "default" values for these pragmas in order to make sure SQLCipher uses the correct values right at the beginning. See issue #1799.
2026-01-29 15:29:50 -06:00 · 2019-03-25 18:49:19 +01:00
parent 05cb45d1f7
commit 564d54ec5e
1 changed files with 27 additions and 25 deletions
--- a/src/sqlitedb.cpp
+++ b/src/sqlitedb.cpp
@@ -252,37 +252,39 @@ bool DBBrowserDB::attach(const QString& filePath, QString attach_as)
    else
        key = "KEY ''";

+    // Only apply cipher settings if the database is encrypted
+    if(cipherSettings && is_encrypted)
+    {
+        if(!executeSQL(QString("PRAGMA cipher_default_page_size = %1").arg(cipherSettings->getPageSize()), false))
+        {
+            QMessageBox::warning(nullptr, qApp->applicationName(), lastErrorMessage);
+            return false;
+        }
+        if(!executeSQL(QString("PRAGMA cipher_default_kdf_iter = %1").arg(cipherSettings->getKdfIterations()), false))
+        {
+            QMessageBox::warning(nullptr, qApp->applicationName(), lastErrorMessage);
+            return false;
+        }
+        if(!executeSQL(QString("PRAGMA cipher_hmac_algorithm = %1").arg(cipherSettings->getHmacAlgorithm()), false))
+        {
+            QMessageBox::warning(nullptr, qApp->applicationName(), lastErrorMessage);
+            return false;
+        }
+        if(!executeSQL(QString("PRAGMA cipher_kdf_algorithm = %1").arg(cipherSettings->getKdfAlgorithm()), false))
+        {
+            QMessageBox::warning(nullptr, qApp->applicationName(), lastErrorMessage);
+            return false;
+        }
+    }
+
    if(!executeSQL(QString("ATTACH '%1' AS %2 %3").arg(filePath).arg(sqlb::escapeIdentifier(attach_as)).arg(key), false))
    {
        QMessageBox::warning(nullptr, qApp->applicationName(), lastErrorMessage);
        return false;
    }

-    // Only apply cipher settings if the database is encrypted
-    if(cipherSettings && is_encrypted)
-    {
-        if(!executeSQL(QString("PRAGMA %1.cipher_page_size = %2").arg(sqlb::escapeIdentifier(attach_as)).arg(cipherSettings->getPageSize()), false))
-        {
-            QMessageBox::warning(nullptr, qApp->applicationName(), lastErrorMessage);
-            return false;
-        }
-        if(!executeSQL(QString("PRAGMA %1.kdf_iter = %2").arg(sqlb::escapeIdentifier(attach_as)).arg(cipherSettings->getKdfIterations()), false))
-        {
-            QMessageBox::warning(nullptr, qApp->applicationName(), lastErrorMessage);
-            return false;
-        }
-        if(!executeSQL(QString("PRAGMA %1.cipher_hmac_algorithm = %2").arg(sqlb::escapeIdentifier(attach_as)).arg(cipherSettings->getHmacAlgorithm()), false))
-        {
-            QMessageBox::warning(nullptr, qApp->applicationName(), lastErrorMessage);
-            return false;
-        }
-        if(!executeSQL(QString("PRAGMA %1.cipher_kdf_algorithm = %2").arg(sqlb::escapeIdentifier(attach_as)).arg(cipherSettings->getKdfAlgorithm()), false))
-        {
-            QMessageBox::warning(nullptr, qApp->applicationName(), lastErrorMessage);
-            return false;
-        }
-        delete cipherSettings;
-    }
+    // Clean up cipher settings
+    delete cipherSettings;
 #else
    // Attach database
    if(!executeSQL(QString("ATTACH '%1' AS %2").arg(filePath).arg(sqlb::escapeIdentifier(attach_as)), false))