Encrypting the DB


#1
    File dbFile=ctxt.getDatabasePath(".encryptedDb");
    File legacyFile=ctxt.getDatabasePath("unencryptedDb");
    if (!dbFile.exists() && legacyFile.exists()) {
        SQLiteDatabase db=
                SQLiteDatabase.openOrCreateDatabase(legacyFile, "", null);

        db.rawExecSQL(String.format("ATTACH DATABASE '%s' AS encrypted KEY '%s';",
                dbFile.getAbsolutePath(), new DBHelper(ctxt).getEncryptionKey()));
        db.rawExecSQL("SELECT sqlcipher_export('encrypted')");
        db.rawExecSQL("DETACH DATABASE encrypted;");
        int version = db.getVersion();
        db.close();
        db = SQLiteDatabase.openDatabase(dbFile.getAbsolutePath(), encryptionKey, null, SQLiteDatabase.OPEN_READWRITE);
        db.setVersion(version);
        db.close();
        legacyFile.delete();
        dbFile.renameTo(legacyFile);
    }

My DBHelper opens the unencrypted Db right now.
public DBHelper open() throws SQLException{
db = myDBHelper.getWritableDatabase("");
return this;
}

How do I make sure the app has the password to open the new encrypted db next time?


#2

Hello @bluefish

You will likely want to provide a password to your DBHelper class instance which can be an empty string when the database is in plain text. Once you have encrypted the database, you can replace your reference to the DBHelper instance to a new instance where you have provided a valid password to open the encrypted database.


SQLCipher Android (Data Migration from unencrypted DB to encrypted one...)
#3

Where would I store this password considering its sensitivity.

For now, try{
db = myDBHelper.getWritableDatabase("");
}catch{
db = myDBHelper.getWritableDatabase(key)
}

works. but I dont like spitting that exception everytime I have to open the db


#4

Hi @bluefish

It is not recommended that you compile the key into the application, as that can easily be attacked, rather that it is sourced at runtime.


#5

Whats the best way to source it at runtime?


#6

Hi @bluefish

Gathering a password from the user within your application would be a good place to start if possible. It is difficult to provide general recommendations beyond that as all applications have different security requirements.


#7

Hi, i am attempting to migrate from a standard SQLite to SQLCipher in Android.

Where should this encrypt method be called, in the DB Helper onUpdate or in the first activity of the application before any DB code is called
Right now i am attempting to use the encrypt method in my first activity before any DB access,

I am attempting to open the standard SQLite DB with the SQLCipher DBHelper with a empty string passphrase as mentioned in the posts but i am getting a Unsatisified Link error.

java.lang.UnsatisfiedLinkError: Native method not found: net.sqlcipher.database.SQLiteDatabase.dbopen:(Ljava/lang/String;I)V

Can anyone supply a working example of a migration in Android from SQLite to SQLCipher

Regards,
Daniel Leahy.


#8

My guess is that you have not called SQLiteDatabase.loadLibs() prior to your attempt to encrypt the database.


#9

Hi commonsguy,

yes your right, I hadn’t called
SQLiteDatabase.loadLibs(),
I added it 20 mins ago

appears to be working now.

Testing it tomorrow.

Thanks again for the post

Regards,
Daniel Leahy.