From 74a978bc9caf3fde71248a461aebe08085be1c6b Mon Sep 17 00:00:00 2001
From: KOGA Mitsuhiro
Date: Mon, 20 Dec 2021 17:25:06 +0900
Subject: [PATCH 1/3] Add SetReKey for SQLCipher
---
 src/SQLite.cs | 26 +++++++++++
 tests/SQLite.Tests/SQLCipherTest.cs | 70 +++++++++++++++++++++++++++++
 2 files changed, 96 insertions(+)
diff --git a/src/SQLite.cs b/src/SQLite.cs
index ee172b398..d3d7e3009 100644
--- a/src/SQLite.cs
+++ b/src/SQLite.cs
@@ -390,6 +390,32 @@ void SetKey (byte[] key)
 ExecuteScalar ("pragma key = \"x'" + s + "'\"");
 }
 
+ ///
+ /// Change the encryption key for a SQLCipher database with "pragma rekey = ...".
+ ///
+ /// Encryption key plain text that is converted to the real encryption key using PBKDF2 key derivation
+ public void SetReKey (string key)
+ {
+ if (key == null)
+ throw new ArgumentNullException(nameof(key));
+ var q = Quote(key);
+ ExecuteScalar("pragma rekey = " + q);
+ }
+
+ ///
+ /// Change the encryption key for a SQLCipher database.
+ ///
+ /// 256-bit (32 byte) or 384-bit (48 bytes) encryption key data
+ public void SetReKey (byte[] key)
+ {
+ if (key == null)
+ throw new ArgumentNullException(nameof(key));
+ if (key.Length != 32 && key.Length != 48)
+ throw new ArgumentException ("Key must be 32 bytes (256-bit) or 48 bytes (384-bit)", nameof (key));
+ var s = String.Join("", key.Select(x => x.ToString("X2")));
+ ExecuteScalar("pragma rekey = \"x'" + s + "'\"");
+ }
+
 ///
 /// Enable or disable extension loading.
 ///
diff --git a/tests/SQLite.Tests/SQLCipherTest.cs b/tests/SQLite.Tests/SQLCipherTest.cs
index 665c82eaf..b41009b41 100644
--- a/tests/SQLite.Tests/SQLCipherTest.cs
+++ b/tests/SQLite.Tests/SQLCipherTest.cs
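Review bot: Both SetReKey overloads concatenate the key material into the `pragma rekey` statement text, so the new key lives on as an immutable string and will appear wherever executed statements are traced or logged; whether that happens depends on ExecuteScalar, whose body is outside this hunk. I would state this in the summary, e.g. `/// The key is embedded in the statement text; keep SQL tracing disabled while calling this.` The string overload also relies entirely on `Quote` (defined outside the hunk) to escape the passphrase, so its handling of embedded quote characters is worth confirming. On the byte[] overload the 48-byte case is documented as a 384-bit key, but SQLCipher's 96-hex-digit raw form is a 32-byte key followed by a 16-byte salt; `/// <param name="key">32-byte raw key, or 48 bytes: the 32-byte key followed by a 16-byte salt</param>` and a matching exception message would be more accurate.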
@@ -148,5 +148,75 @@ public void CheckJournalModeForNonKeyed ()
 Assert.AreEqual ("wal", db.ExecuteScalar ("PRAGMA journal_mode;"));
 }
 }
+
+ [Test]
+ public void ResetStringKey ()
+ {
+ string path;
+
+ var key = "SecretPassword";
+ var reKey = "SecretKey";
+
+ using (var db = new TestDb (key: key)) {
+ db.SetReKey (reKey);
+ path = db.DatabasePath;
+
+ db.CreateTable ();
+ db.Insert (new TestTable { Value = "Hello" });
+ }
+
+ using (var db = new TestDb (path, key: reKey)) {
+ path = db.DatabasePath;
+
+ var r = db.Table ().First ();
+
+ Assert.AreEqual ("Hello", r.Value);
+ }
+ }
+
+ [Test]
+ public void ResetByteKey ()
+ {
+ string path;
+
+ var rand = new Random ();
+ var key = new byte[32];
+ rand.NextBytes (key);
+ var reKey = new byte[32];
+ rand.NextBytes (reKey);
+
+ using (var db = new TestDb (key: key)) {
+ db.SetReKey (reKey);
+ path = db.DatabasePath;
+
+ db.CreateTable ();
+ db.Insert (new TestTable { Value = "Hello" });
+ }
+
+ using (var db = new TestDb (path, key: reKey)) {
+ path = db.DatabasePath;
+
+ var r = db.Table ().First ();
+
+ Assert.AreEqual ("Hello", r.Value);
+ }
+ }
+
+ [Test]
+ public void ResetBadKey ()
+ {
+ var key = new byte[] { 42 };
+
+ try
+ {
+ using (var db = new TestDb ()) {
+ db.SetReKey (key);
+ }
+
+ Assert.Fail ("Should have thrown");
+ }
+ catch (ArgumentException) {
+ }
+ }
 }
 }
From 1bcc2aa1d94d9ce3ad1bab6af2d24682ef1a1a63 Mon Sep 17 00:00:00 2001
From: KOGA Mitsuhiro
Date: Mon, 20 Dec 2021 18:02:06 +0900
Subject: [PATCH 2/3] Fix misspell
---
 src/SQLite.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/SQLite.cs b/src/SQLite.cs
index d3d7e3009..e5712f3e4 100644
--- a/src/SQLite.cs
+++ b/src/SQLite.cs
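Review bot: In ResetStringKey and ResetByteKey the call `db.SetReKey (reKey);` runs before `CreateTable` and `Insert`, so the rekey happens on a database with no stored rows and the tests never exercise re-encryption of existing data. Moving the call to after `db.Insert (new TestTable { Value = "Hello" });` would cover that path. Neither test reopens `path` with the original `key` and expects the read to fail, so nothing shows that the old key was actually retired; as written they would presumably also pass on a build where the key pragmas have no effect. In ResetBadKey the try / `Assert.Fail` / empty catch could be written as `Assert.Throws<ArgumentException> (() => db.SetReKey (key));`, and a 32- or 48-byte boundary case next to the 1-byte one would pin the length check.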
@@ -364,7 +364,7 @@ static string Quote (string unsafeString)
 /// if your database is encrypted.
 /// This only has an effect if you are using the SQLCipher nuget package.
 ///
- /// Ecryption key plain text that is converted to the real encryption key using PBKDF2 key derivation
+ /// Encryption key plain text that is converted to the real encryption key using PBKDF2 key derivation
 void SetKey (string key)
 {
 if (key == null)
@@ -379,7 +379,7 @@ void SetKey (string key)
 /// if your database is encrypted.
 /// This only has an effect if you are using the SQLCipher nuget package.
 ///
- /// 256-bit (32 byte) ecryption key data
+ /// 256-bit (32 byte) encryption key data
 void SetKey (byte[] key)
 {
 if (key == null)
From bbdb4229b6c5c08fd567bd7d30c23b580d8f067b Mon Sep 17 00:00:00 2001
From: KOGA Mitsuhiro
Date: Mon, 20 Dec 2021 23:24:44 +0900
Subject: [PATCH 3/3] Remove redundant
---
 tests/SQLite.Tests/SQLCipherTest.cs | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/tests/SQLite.Tests/SQLCipherTest.cs b/tests/SQLite.Tests/SQLCipherTest.cs
index b41009b41..f2836f336 100644
--- a/tests/SQLite.Tests/SQLCipherTest.cs
+++ b/tests/SQLite.Tests/SQLCipherTest.cs
@@ -166,8 +166,6 @@ public void ResetStringKey ()
 }
 
 using (var db = new TestDb (path, key: reKey)) {
- path = db.DatabasePath;
-
 var r = db.Table ().First ();
 
 Assert.AreEqual ("Hello", r.Value);
@@ -194,8 +192,6 @@ public void ResetByteKey ()
 }
 
 using (var db = new TestDb (path, key: reKey)) {
- path = db.DatabasePath;
-
 var r = db.Table ().First ();
 
 Assert.AreEqual ("Hello", r.Value);