Using my own encrypted database in an Android App (SQLCipher)

[Hani]

Salute everyone,

I have an encrypted database created with SQLite Database Browser and encrypted using sqlcipher (with ATTACH DATABASE ...).
I've put it into the assets folder of my Android app and what I want to do is to copy it into the folder /data/data/com.example.blabla/databases

I do it with a standard copy method with inputStream and FileOutputStream but I encounter a first issue.

Then I want to open it with the SQLCipher SDK for Android but I can find a way to make it work. I have written a SQLiteOpenHelper derived class where I put the copy method.
Here is the copy method :

public int createDataBase(){
       
         boolean dbExist = false;
         int result = 1;
         File file = new File(PATH_DB + NAME_DB);
         if(!file.exists()) dbExist = false;
         else dbExist = true;
         
         if(!dbExist){
             Log.d("MySQLiteOpenHelper", "BDD DOESNT EXIST");
             try{
                 copyDataBase();
             }catch(Exception e){
                 result = 0;
                 Log.d("MySQLiteOpenHelper", "COPY ERROR");
             }
         }else{
             Log.d("MySQLiteOpenHelper", "BDD EXISTS");
         }
         return result;
    }

private void copyDataBase() throws IOException{
         
         InputStream myInput = myContext.getAssets().open(NOM_BDD);
         String outFileName = CHEMIN_BDD + NOM_BDD;
         OutputStream myOutput = new FileOutputStream(outFileName);
         byte[] buffer = new byte[1024];
         int length;
         while ((length = myInput.read(buffer))>0){
             myOutput.write(buffer, 0, length);
         }
         myOutput.flush();
         myOutput.close();
         myInput.close();
     }

And here is my open database method :

private void openDataBase(){
        String myPath = CHEMIN_BDD + NOM_BDD;
         bdd = SQLiteDatabase.openDatabase(myPath, PASSWORD, null, SQLiteDatabase.OPEN_READWRITE);
     }

Could someone explain me what I did wrong ?

 

[Nick Parker]

> --
>
> ---
> You received this message because you are subscribed to the Google
> Groups "SQLCipher Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to sqlcipher+...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
Hi Hani,

Could you share a bit more information about your problem specifically?
What happened? Did you get an error, if so what was it?

--
Nick Parker

[Hani]

When I try to copy my database file (encrypted.db) into the /data/data ..../databases folder, the copy doesn't succeed and throw an IOException.
I have change my copy method and now I use your extractAssetToDatabaseDirectory method for doing that but I encounter the same issue.

Could the issue be from another source ?

Hani.

[Nick Parker]

On 2/6/13 11:18 AM, Hani wrote:
> When I try to copy my database file (encrypted.db) into the /data/data
> ..../databases folder, the copy doesn't succeed and throw an IOException.
> I have change my copy method and now I use your
> extractAssetToDatabaseDirectory method for doing that but I encounter
> the same issue.
>
> Could the issue be from another source ?
>
> Hani.
>
>
>
>

> Le mercredi 6 f�vrier 2013 16:40:39 UTC+1, Nick Parker a �crit :

> > an email to sqlcipher+...@googlegroups.com <javascript:>.

> > For more options, visit https://groups.google.com/groups/opt_out

> <https://groups.google.com/groups/opt_out>.

> >
> >
> Hi Hani,
>
> Could you share a bit more information about your problem specifically?
> What happened? Did you get an error, if so what was it?
>
> --
> Nick Parker
>
> --
>
> ---
> You received this message because you are subscribed to the Google
> Groups "SQLCipher Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to sqlcipher+...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
Hi Hani,

Could you post the contents of the actual exception - it will help us
understand what might be the cause of the IOException. Are you sure
you've included the database file correctly in the asset directory?

--
Nick Parker

[Stephen Lombardo]

Hi Hani,

On 2013-02-06, Hani wrote:
> I have an encrypted database created with SQLite Database Browser and
> encrypted using sqlcipher (with ATTACH DATABASE ...).

I have a few questions:

1. How did you create the encrypted database? e.g. did you create it in SQLite Database Browser and then use the SQLCipher command line tool to encrypt it before transferring it to the device, or did you build SQLite Database Browser with SQLCipher support?

2. Have you inspected encrypted database file to ensure that it is actually encrypted, for instance using hexdump?

Cheers,
Stephen

[Hani]

Salute,

I have put this error message :

02-07 10:25:52.775: System.err(20576): java.io.FileNotFoundException: /data/data/com.company.myprojectname/databases/encrypted.db: open failed: ENOENT (No such file or directory)
02-07 10:25:52.779: System.err(20576):     at libcore.io.IoBridge.open(IoBridge.java:416)
02-07 10:25:52.783: System.err(20576):     at java.io.FileOutputStream.<init>(FileOutputStream.java:88)

So I imagine that the issue comes from the fact that the application cannot create the file from copying it.
Do I need to add a permission ?

I did the encrypted file by first editing a database with SQLite Database Browser then I got the source of SQLCipher. I compiled it with a special ./configure and make. And encrypted it with the generated sqlite command. Then I did just as this link explained it :
http://zetetic.net/blog/2009/12/29/how-to-encrypt-a-plaintext-sqlite-database-to-use-sqlcipher.html

I have inspected the encrypted file with hexdump and I got some unreadable datas.

Hani.

[Hani]

Perhaps it will be interesting for you to know that I'm writting a library with which I generate .jar file that I include in myprojectname application ( in the libs folder).
I put the encypted file in the assets folder of the final application.

Do I need to add some permissions to my library ?

Hani.

[Hani]

Could the issue comes from the fact that I try copy a file that is not a database file in the database folder ?

Hani.

[Nick Parker]

On 2/7/13 3:41 AM, Hani wrote:
> Salute,
>
> I have put this error message :
>
> 02-07 10:25:52.775: System.err(20576): java.io.FileNotFoundException:
> /data/data/com.company.myprojectname/databases/encrypted.db: open
> failed: ENOENT (No such file or directory)
> 02-07 10:25:52.779: System.err(20576): at
> libcore.io.IoBridge.open(IoBridge.java:416)
> 02-07 10:25:52.783: System.err(20576): at
> java.io.FileOutputStream.<init>(FileOutputStream.java:88)
>
> So I imagine that the issue comes from the fact that the application
> cannot create the file from copying it.
> Do I need to add a permission ?
>
> I did the encrypted file by first editing a database with SQLite
> Database Browser then I got the source of SQLCipher. I compiled it with
> a special ./configure and make. And encrypted it with the generated
> sqlite command. Then I did just as this link explained it :
> http://zetetic.net/blog/2009/12/29/how-to-encrypt-a-plaintext-sqlite-database-to-use-sqlcipher.html
>
> I have inspected the encrypted file with hexdump and I got some
> unreadable datas.
>
> Hani.
>
>

> Le mercredi 6 f�vrier 2013 19:21:19 UTC+1, Stephen Lombardo a �crit :

>
> Hi Hani,
>
> On 2013-02-06, Hani wrote:
> > I have an encrypted database created with SQLite Database Browser and
> > encrypted using sqlcipher (with ATTACH DATABASE ...).
>
> I have a few questions:
>
> 1. How did you create the encrypted database? e.g. did you create it
> in SQLite Database Browser and then use the SQLCipher command line
> tool to encrypt it before transferring it to the device, or did you
> build SQLite Database Browser with SQLCipher support?
>
> 2. Have you inspected encrypted database file to ensure that it is
> actually encrypted, for instance using hexdump?
>
> Cheers,
> Stephen
>

> --
>
> ---
> You received this message because you are subscribed to the Google
> Groups "SQLCipher Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to sqlcipher+...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>

Hi Hani,

Thank you for including the stack trace. From the packaging name it
appears you are using IOCipher, is that correct? If so, it may be
helpful if you could explain the scenario you are attempting to give us
a better understanding.

That said, if you are having an issue copying a file from the assets
directory of your application into the databases directory could you try
the following things:

* Verify you are able to get a non null InputStream when calling open
from the AssetManager
* Observe bytes are read from the InputStream
* Verify the full path used for writing the FileOutputStream

--
Nick Parker

[Hani]

Le jeudi 7 février 2013 15:13:17 UTC+1, Nick Parker a écrit :

On 2/7/13 3:41 AM, Hani wrote:
> Salute,
>
> I have put this error message :
>
> 02-07 10:25:52.775: System.err(20576): java.io.FileNotFoundException:
> /data/data/com.company.myprojectname/databases/encrypted.db: open
> failed: ENOENT (No such file or directory)
> 02-07 10:25:52.779: System.err(20576):     at
> libcore.io.IoBridge.open(IoBridge.java:416)
> 02-07 10:25:52.783: System.err(20576):     at
> java.io.FileOutputStream.<init>(FileOutputStream.java:88)
>
> So I imagine that the issue comes from the fact that the application
> cannot create the file from copying it.
> Do I need to add a permission ?
>
> I did the encrypted file by first editing a database with SQLite
> Database Browser then I got the source of SQLCipher. I compiled it with
> a special ./configure and make. And encrypted it with the generated
> sqlite command. Then I did just as this link explained it :
> http://zetetic.net/blog/2009/12/29/how-to-encrypt-a-plaintext-sqlite-database-to-use-sqlcipher.html
>
> I have inspected the encrypted file with hexdump and I got some
> unreadable datas.
>
> Hani.
>
>

> Le mercredi 6 f�vrier 2013 19:21:19 UTC+1, Stephen Lombardo a �crit :

My InputStream is not null and I can read the bytes it contains.
Moreover the full path for writing is correct. I get it like that :

CHEMIN_BDD = "/data/data/" + context.getPackageName() + "/databases/";

Here is the scenario of what I want to do. I have to do provide a library to a customer which does some operations on datas stored in a database.
I don't want these datas to be in plain text and so I want to encrypt it.

I encrypted it added it in the Assets folder of a application test of my own.
I added my library (.jar file) into the libs folder and i wrote a simple application which work with my library and my database.
My library is globally speaking an AsyncTask which reads datas and does some operations.

The constructor of my AsyncTask contains a call for constructing a database MyDBClass which contains a SQLiteOpenHelper derived method where I want to copy the source file to the destination file.

[Hani]

Regarding the use of IOCipher, I don't know if I'm using it indirectly.
How I did :
I downloaded the last source of SQLCipher : android-database-sqlcipher-master with git
I opened the dist/SQLCipherForAndroid-SDK/libs folder and I copied the files into the libs folder of my application.
I copied also the assets/icudt44l.zip into the assets folder of my application.

[Nick Parker]

On 2/7/13 9:00 AM, Hani wrote:
>
>
> Le jeudi 7 f�vrier 2013 15:13:17 UTC+1, Nick Parker a �crit :

>
> On 2/7/13 3:41 AM, Hani wrote:
> > Salute,
> >
> > I have put this error message :
> >
> > 02-07 10:25:52.775: System.err(20576): java.io.FileNotFoundException:
> > /data/data/com.company.myprojectname/databases/encrypted.db: open
> > failed: ENOENT (No such file or directory)
> > 02-07 10:25:52.779: System.err(20576): at
> > libcore.io.IoBridge.open(IoBridge.java:416)
> > 02-07 10:25:52.783: System.err(20576): at
> > java.io.FileOutputStream.<init>(FileOutputStream.java:88)
> >
> > So I imagine that the issue comes from the fact that the application
> > cannot create the file from copying it.
> > Do I need to add a permission ?
> >
> > I did the encrypted file by first editing a database with SQLite
> > Database Browser then I got the source of SQLCipher. I compiled it
> with
> > a special ./configure and make. And encrypted it with the generated
> > sqlite command. Then I did just as this link explained it :
> >
> http://zetetic.net/blog/2009/12/29/how-to-encrypt-a-plaintext-sqlite-database-to-use-sqlcipher.html
> <http://zetetic.net/blog/2009/12/29/how-to-encrypt-a-plaintext-sqlite-database-to-use-sqlcipher.html>
>
> >
> > I have inspected the encrypted file with hexdump and I got some
> > unreadable datas.
> >
> > Hani.
> >
> >

> > Le mercredi 6 f�vrier 2013 19:21:19 UTC+1, Stephen Lombardo a
> �crit :

> >
> > Hi Hani,
> >
> > On 2013-02-06, Hani wrote:
> > > I have an encrypted database created with SQLite Database
> Browser and
> > > encrypted using sqlcipher (with ATTACH DATABASE ...).
> >
> > I have a few questions:
> >
> > 1. How did you create the encrypted database? e.g. did you
> create it
> > in SQLite Database Browser and then use the SQLCipher command
> line
> > tool to encrypt it before transferring it to the device, or
> did you
> > build SQLite Database Browser with SQLCipher support?
> >
> > 2. Have you inspected encrypted database file to ensure that
> it is
> > actually encrypted, for instance using hexdump?
> >
> > Cheers,
> > Stephen
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google
> > Groups "SQLCipher Users" group.
> > To unsubscribe from this group and stop receiving emails from it,
> send

> > an email to sqlcipher+...@googlegroups.com <javascript:>.

> > For more options, visit https://groups.google.com/groups/opt_out

> <https://groups.google.com/groups/opt_out>.

Hi Hanni,

Thanks for clarifying the situation. It sounds as if the issue is
copying a file from the assets directory. A couple items for you to check:

* Verify the full path to the database file.
* Perform a check following the copy from the assets directory that the
file exists.

Also, you might consider pulling down the SQLCipher for Android test
suite [1]. It provides test case examples that perform file copy
operations as part of the tests, an example [2]. This might provide a
reference to compare against the issue you are seeing with your copy
routine.

1. https://github.com/sqlcipher/sqlcipher-android-tests/
2.
https://github.com/sqlcipher/sqlcipher-android-tests/blob/master/src/main/java/net/zetetic/tests/MigrationFromDatabaseFormat1To2.java
--
Nick Parker

[Nick Parker]

On 2/7/13 9:12 AM, Hani wrote:
> Regarding the use of IOCipher, I don't know if I'm using it indirectly.
> How I did :
> I downloaded the last source of SQLCipher :
> android-database-sqlcipher-master with git
> I opened the dist/SQLCipherForAndroid-SDK/libs folder and I copied the
> files into the libs folder of my application.
> I copied also the assets/icudt44l.zip into the assets folder of my
> application.
>
>

> Le jeudi 7 f�vrier 2013 16:00:01 UTC+1, Hani a �crit :
>
>
>
> Le jeudi 7 f�vrier 2013 15:13:17 UTC+1, Nick Parker a �crit :

> > Le mercredi 6 f�vrier 2013 19:21:19 UTC+1, Stephen Lombardo
> a �crit :

> <https://groups.google.com/groups/opt_out>.

Hi Hanni,

The current version of SQLCipher for Android can be found [1] which uses
icudt46l.zip, not icudt44l.zip. Please verify you are using the latest
binaries.

1.
https://github.com/downloads/sqlcipher/android-database-sqlcipher/SQLCipher%20for%20Android%202.1.1.zip

--
Nick Parker

[Hani]

It seems to me that the copy method works with this path :

/data/data/PackageName/encrypted.db

But doesn't works with :

/data/data/PackageName/databases/encrypted.db

Could the issue be a permission issue ? (Perhaps the library have not the right to write files into that folder, any idea ?)

I want to thank you for the help you provided me until now.

Hani.

Le jeudi 7 février 2013 16:14:09 UTC+1, Nick Parker a écrit :

On 2/7/13 9:12 AM, Hani wrote:
> Regarding the use of IOCipher, I don't know if I'm using it indirectly.
> How I did :
> I downloaded the last source of SQLCipher :
> android-database-sqlcipher-master with git
> I opened the dist/SQLCipherForAndroid-SDK/libs folder and I copied the
> files into the libs folder of my application.
> I copied also the assets/icudt44l.zip into the assets folder of my
> application.
>
>

> Le jeudi 7 f�vrier 2013 16:00:01 UTC+1, Hani a �crit :
>
>
>
>     Le jeudi 7 f�vrier 2013 15:13:17 UTC+1, Nick Parker a �crit :

>         > Le mercredi 6 f�vrier 2013 19:21:19 UTC+1, Stephen Lombardo
>         a �crit :

[Nick Parker]

On 2/7/13 10:23 AM, Hani wrote:
> It seems to me that the copy method works with this path :
>
> /data/data/PackageName/encrypted.db
>
> But doesn't works with :
>
> /data/data/PackageName/databases/encrypted.db
>
> Could the issue be a permission issue ? (Perhaps the library have not
> the right to write files into that folder, any idea ?)
>
> I want to thank you for the help you provided me until now.
>
> Hani.
>

> Le jeudi 7 f�vrier 2013 16:14:09 UTC+1, Nick Parker a �crit :

>
> On 2/7/13 9:12 AM, Hani wrote:
> > Regarding the use of IOCipher, I don't know if I'm using it
> indirectly.
> > How I did :
> > I downloaded the last source of SQLCipher :
> > android-database-sqlcipher-master with git
> > I opened the dist/SQLCipherForAndroid-SDK/libs folder and I copied
> the
> > files into the libs folder of my application.
> > I copied also the assets/icudt44l.zip into the assets folder of my
> > application.
> >
> >

> > Le jeudi 7 f�vrier 2013 16:00:01 UTC+1, Hani a �crit :
> >
> >
> >

> > Le jeudi 7 f�vrier 2013 15:13:17 UTC+1, Nick Parker a �crit :

> > > Le mercredi 6 f�vrier 2013 19:21:19 UTC+1, Stephen
> Lombardo
> > a �crit :

> > an email to sqlcipher+...@googlegroups.com <javascript:>.

> > For more options, visit https://groups.google.com/groups/opt_out
> <https://groups.google.com/groups/opt_out>.
> >
> >

> Hi Hanni,
>
> The current version of SQLCipher for Android can be found [1] which
> uses
> icudt46l.zip, not icudt44l.zip. Please verify you are using the latest
> binaries.
>
> 1.
> https://github.com/downloads/sqlcipher/android-database-sqlcipher/SQLCipher%20for%20Android%202.1.1.zip
> <https://github.com/downloads/sqlcipher/android-database-sqlcipher/SQLCipher%20for%20Android%202.1.1.zip>
>
>
> --
> Nick Parker
>
> --
>
> ---
> You received this message because you are subscribed to the Google
> Groups "SQLCipher Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to sqlcipher+...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>

Hi Hani,

No, you should not need to add a permission flag unless you were
attempting to read/write to an SD card. Could you verify the path you
are attempting to write to is the same as what would come back from
something like this:

File databaseFile = context.getDatabasePath("foo.db");
String databasePath = file.getAbsolutePath();

--
Nick Parker

[Hani]

Yes they are the same.

Nevertheless I've changed with the way your proposed me but I got the same issue.

But good news, it works when I write out of the databases folder.

Hani.

Le jeudi 7 février 2013 17:45:01 UTC+1, Nick Parker a écrit :

On 2/7/13 10:23 AM, Hani wrote:
> It seems to me that the copy method works with this path :
>
> /data/data/PackageName/encrypted.db
>
> But doesn't works with :
>
> /data/data/PackageName/databases/encrypted.db
>
> Could the issue be a permission issue ? (Perhaps the library have not
> the right to write files into that folder, any idea ?)
>
> I want to thank you for the help you provided me until now.
>
> Hani.
>

> Le jeudi 7 f�vrier 2013 16:14:09 UTC+1, Nick Parker a �crit :

>
>     On 2/7/13 9:12 AM, Hani wrote:
>     > Regarding the use of IOCipher, I don't know if I'm using it
>     indirectly.
>     > How I did :
>     > I downloaded the last source of SQLCipher :
>     > android-database-sqlcipher-master with git
>     > I opened the dist/SQLCipherForAndroid-SDK/libs folder and I copied
>     the
>     > files into the libs folder of my application.
>     > I copied also the assets/icudt44l.zip into the assets folder of my
>     > application.
>     >
>     >

>     > Le jeudi 7 f�vrier 2013 16:00:01 UTC+1, Hani a �crit :
>     >
>     >
>     >

>     >     Le jeudi 7 f�vrier 2013 15:13:17 UTC+1, Nick Parker a �crit :

>     >         > Le mercredi 6 f�vrier 2013 19:21:19 UTC+1, Stephen
>     Lombardo
>     >         a �crit :