Best way to detect if a Couchbase database file is encrypted?

[Brendan Duddridge]

Hi,

What's the best way to detect if a database file is encrypted? Is it just a matter of trying to open it up with no key provided?

In the header for CBLManager it says that if I don't call - [CBLManager registerEncryptionKey:forDatabaseNamed] with a valid key, then subsequent calls to - [CBLManager existingDatabaseNamed:error] will fail with a 401 error. 

You also mentioned somewhere (I've forgotten where now) that there will be a file created called "encrypted" or something to indicate if a database file has been encrypted. Should I perhaps just look for the existence of that file to determine if a database is encrypted or not? That seems like an implementation detail and would be prone to error if you ever changed how that worked, so doesn't sound like a good idea to me.

I'm just trying to decide when I should ask the user for an encryption key to be able to open up their database. If it's not encrypted I obviously don't ask for one.

Thanks,

Brendan

[Jens Alfke]

> On Sep 10, 2015, at 5:38 PM, Brendan Duddridge <bren...@gmail.com> wrote:
>
> What's the best way to detect if a database file is encrypted? Is it just a matter of trying to open it up with no key provided?

Yes. You’ll get a 401 status. (Under the hood, the only way to tell a SQLCipher database is encrypted is to try to open it and get a SQLITE_CORRUPT error when SQLite can’t find the header block. There’s no readable data in an encrypted database file; it looks like pure noise.)

> You also mentioned somewhere (I've forgotten where now) that there will be a file created called "encrypted" or something to indicate if a database file has been encrypted.

That’s in the attachments directory, to handle some edge cases with adding/removing encryption. It’s an implementation detail and I’d discourage using it.

—Jens

[Brendan Duddridge]

Alright. Thanks. I've gone with the first idea of opening the database and checking for the 401 error code.