I am looking for a solution to perform encryption/decryption of a SQLite databse in a Android app without using any external libraries etc...
I read a lot about SQLCipher (https://guardianproject.info/code/sqlcipher/),
the SQLite extension that provides transparent 256-bit AES encryption
of database files
but it's not what I'm looking for...
Is it possible, for example, to compile the SQLite extension of my android project (which is in C) including the encryption module (This one: https://www.sqlite.org/see/doc/trunk/www/index.wiki from the SQLite org) ?
After I should be able to use it from my jni folder.
I actually don't know if it's the correct way or even if it's possible...
If you have any solutions, suggestions...
Related
I am currently designing a secure file storage Android application as part of a group coursework. I am charged with the security side of the app.
Where can I learn about the the classes and imports that Android offers to implement password hashing, encryption of the stored files and such? I have looked on the android developers site, but it was of little use to me, as I am inexperienced with android.
Thanks.
You can find useful information about Android Security here: http://developer.android.com/training/articles/security-tips.html
Anyway, any app on Android is isolated from the other, so you're basically safe until you keep your data in the private storage (obviously if the user has root permission you cannot avoid the reading of these private files).
If you're going to write file OUTSIDE (as on the SD), you will have to implement some algorithm to enrcypt your files.
You can look for AES encyption in Java: Java 256-bit AES Password-Based Encryption
I'm working on a project on mobile RDF databases for Android. Therefore I'm looking for open source databases to include in my Android project. However, it's difficult for me to find mobile versions of existing RDF databases.
What I've found so far:
Jena TDB database
Oracle Berkeley database
Unfortunately I haven't found mobile versions of Sesame, Virtuoso, AllegroGraph, etc.
Does anyone know some other RDF databases for Android?
I'm not an Android developer, so perhaps I'm overlooking something, but Sesame comes as a collection of maven modules, each a separate Java jar file. You can pick and choose the jar files you need and as far as I'm aware, you should be able to use them on Android straightaway. I don't think there's any need for a separate "mobile version", is there?
I am taking a look to Triple Place.
a light weight and flexible Triple Store for Android. It uses a
indexing structure similar to the one in Hexastore. TriplePlace uses
TokyoCabinet as persistent storage system.
You can find a brief presentation of its features here.
You can use SQLite to store RDF data and make queries for the triples, but SPARQL couldn't be done. Here is a good reference:
http://infolab.stanford.edu/~melnik/rdf/db.html
I would also take a look at 4store.
I have been working on a task assigned by my senior where i need to encrypt my application database but not allowed to do any of the following things:
no use of 3rd party jar files (guardian project or something)
cannot encrypt field-by-field encryption
I just have to encrypt and decrypt my database file through my application but excluding above conditions.
If anybody has done this, please lemme know anything you can tel me.
And i would like to tell you as per my senior it is possible to encrypt database, so there is no question whether it is possible or not without using 3rd party jar files or something.
I just have to encrypt and decrypt my database file through my application but excluding above conditions.
This is not possible given your restrictions, unless you rebuild the firmware with an encryption-enabled copy of SQLite (and I do not know if that is possible either).
Well you could use the android Cipher class. This link might help you
http://www.helloandroid.com/tutorials/encrypting-your-data
I want to know how to encrypt the external storage data (.asec).
Which algorithm is used, AES or another method?
And then what is the encryption key?
If a method to generate encryption key is open source, I think that it is going to cause a problem.
I would be grateful for any information about this.
The Android Open Source Project provides a document describing their crypto implementation.
Basically, they use AES in the Linux DM-CRYPT layer. See the document for full details, including how it interacts with vold.
I have an Android app that has been already developed using SQLite.
The DB is quite large (over 100 Megs) so it can be deployed only on the SD card.
The data inside the DB is sensitive so for this reason we need to encrypt the DB.
The default SQLite binary on the phone does not allow encryption or to add a plug in (extensions).
I manage to compile the SQLite using NDK with the encryption extension (I am calling this SQLiteS - from secure) but I still need to figure out how to copy the Sqlite API and bind it to the new SQLiteS binary.
The idea is to not change the already developed code using the SQLite default API excepting the package name.
Any idea of how can I accomplish this ?
Tryp getting a native jdbcsqlite driver onto Android.
which makes sqlite3_* calls(JNI).
Use the aapt tool to link the library(sqliteS) into the .apk file.
Also, you can change the sqlite3_* names(in SQLiteS.so you built) so that it doesnt refer to sqlite.so file provided by android.
Let me know the solution.
I know this is not an answer for your question, but you could try the (free, open source) H2 database. It supports data file encryption as well. There are some disadvantages however, for example some operations are quite a bit slower. You would need to use the JDBC API because the SQLite / Android database API is not yet supported. Disclaimer: I'm one of the H2 committers.
Use sqlCipher. SQLCipher is an open source extension to SQLite that provides transparent 256-bit AES encryption of database files.
See http://sqlcipher.net/