How to use existing SQLite to SQL Cipher ( encrpted DB)

[Mohamed Ashraf]

 Hi , I came across the SQLite DB in Android , currently I came to know about SQL Cipher , So How to use existing SQLite to SQL Cipher ( encrpted DB).
 Whter its possible , if yes means , how to proceed


Thanks in advance
Ashraf

[Phil Arnold]

Hi,

There are several steps you need to think about:

1) Which databases are going to be encrypted (SQLCipher will happily talk to non-encrypted databases), or if ALL databases are to be encrypted

2) Location & Size of the database - if it's small, and to be stored on the internal memory, only rooted phones can get at the data, so no real need to encrypt

3) Will the data be built on the device, or built on a server & downloaded?

Overall, yes, it's easy to code as a replacement in-code with very few steps - DO NOT try to mix the existing SQLite import with the SQLCipher one, it just won't work, but (as mentioned), SQLCipher will read non-encrypted databases

If you're building the database on the device, then just make sure you're using the key from a central source (like a Constants class)

Overall though, the only steps you need to worry about are:

copy the SQLCipher files into the project

put a central password in a constants file

at the header of the file, put: import net.sqlcipher.database.SQLiteDatabase;

in the onCreate put: SQLiteDatabase.loadLibs(this);

add the an addition parameter into the openDatabase, the new second parameter is the password ("" for non-encrypted)

That's about it, nothing more (for Android code)

If you want to encrypt the database before downloading to the device, see the conversation "Error on iOS: file is encrypted or is not a database" for how to encrypt a database from a non-encrypted one

Note that if you're downloading - a Zip of the database is almost the same size as the encrypted database because of the encryption, so don't expect it to shrink it like you would a normal database

I hope I've given enough information to get you started - it might seem a lot to do to begin with, but it's actually quite easy on Android, and takes a few minutes get started

Regards,

Phil

[Nick Parker]

Hi Phil,

Thanks for sharing your comments about SQLCipher for Android.  I've made some comments inline with regard to your statements:

Nick Parker

On Fri, May 17, 2013 at 2:04 AM, Phil Arnold <philip.r...@gmail.com> wrote:

Hi,

There are several steps you need to think about:

1) Which databases are going to be encrypted (SQLCipher will happily talk to non-encrypted databases), or if ALL databases are to be encrypted

2) Location & Size of the database - if it's small, and to be stored on the internal memory, only rooted phones can get at the data, so no real need to encrypt

Forensic analysis of a device can provide access to databases that are not rooted.  The size of the information should not be a determining factor in the sensitivity of the data.

 

3) Will the data be built on the device, or built on a server & downloaded?

Overall, yes, it's easy to code as a replacement in-code with very few steps - DO NOT try to mix the existing SQLite import with the SQLCipher one, it just won't work, but (as mentioned), SQLCipher will read non-encrypted databases

SQLCipher for Android only requires a few replacements of the existing android.database package names.  For example, you can continue to use the android.database.Cursor interface with the results provided from a call to the SQLCipher net.sqlcipher.database.SQLiteDatabase::rawQuery.

 

If you're building the database on the device, then just make sure you're using the key from a central source (like a Constants class)

I would highly recommend against storing the key within the application itself.  While key management may be a difficult issue, directly storing it within the application binary is a risky operation.  Tools such as android-apktool can easily disassemble the binary to determine the key used within your database.

 

Overall though, the only steps you need to worry about are:

copy the SQLCipher files into the project

put a central password in a constants file

at the header of the file, put: import net.sqlcipher.database.SQLiteDatabase;

in the onCreate put: SQLiteDatabase.loadLibs(this);

add the an addition parameter into the openDatabase, the new second parameter is the password ("" for non-encrypted)

That's about it, nothing more (for Android code)

If you want to encrypt the database before downloading to the device, see the conversation "Error on iOS: file is encrypted or is not a database" for how to encrypt a database from a non-encrypted one

Note that if you're downloading - a Zip of the database is almost the same size as the encrypted database because of the encryption, so don't expect it to shrink it like you would a normal database

I hope I've given enough information to get you started - it might seem a lot to do to begin with, but it's actually quite easy on Android, and takes a few minutes get started

Regards,

Phil

On Friday, May 17, 2013 5:53:06 AM UTC+1, Mohamed Ashraf wrote:

 Hi , I came across the SQLite DB in Android , currently I came to know about SQL Cipher , So How to use existing SQLite to SQL Cipher ( encrpted DB).
 Whter its possible , if yes means , how to proceed


Thanks in advance
Ashraf

--
 
---
You received this message because you are subscribed to the Google Groups "SQLCipher Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sqlcipher+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Nick Parker]

Hi Mohamed,

Thanks for your interest in SQLCipher for Android.  We've prepared an article [1] covering the process for integrating SQLCipher for Android into an application.  Should you have other questions, feel free to search this mailing list or post your question here.

1.  http://sqlcipher.net/sqlcipher-for-android/

Nick Parker

Ashraf

--