I have created SQLite database in android.
Here I decided to use encryption. I know about sqlite but I don't know how to implement sqlite encryption method, the data that is saved in database needs to be encrypted
and while retrieving data it should be decrypted.
You can use SQLChiper for Android for AES 256-bit encryption for .db files which i suppose is easier than handling encryption and decryption for each database query
Related
I have a realm object with sensitive and not sensitive fields and I wanna encrypt just some fields of my object. Is it possible to do it in Realm database?
Realm encryption applies to the whole database. To encrypt specific columns in your database you will need to roll your own encryption. There is some discussion using the javax.crypto library here
I want to secure my sqlite database.
I searched a lot but ended up with the suggestions of using SQLCipher.
Is there any new advancement in this field other than SQLCipher?
Please suggest.
If you don't want to use SQLCipher, One thing you can do is encrypt your data before storing it in the database and decrypt it at runtime when populating it.
You can use a encryption key that you can store on Firebase and retrieve it from there at your app startup, this will add another layer of security to your encryption because the key will not be exposed inside the app if someone decompiles the app.
I'm securing my database on my own, procedure is following:
ORMLite used as ORM (platform independent ORM over SQLite)
All sensible data stored in BLOB's
BLOB's secured using standard encryption technique, e.g. com.madgag.spongycastle works well under Android
I created an encrypted sqlite database with SQLCipher export().
I'm worried about security and reverse engineering of the apk, so the decrypt password is not in the app, but it is entered from the user on app start.
The problem is: How can I read the encrypted database from assets folder?
I've found libraries like SQLiteAssetHelper or ExternalSQLIteimporter but they can't import encrypted databases.
Any idea?
I wrote my sqlite database then i imported to my application,
I used this ,and it works fine.
after that I recognized that my database is unencrypted, so with any root phone can access it.
so i suggested this way:
1- encrypt my database with key then
2- return it to my application then
3- use encryption key in my code to decrypt database then
4- I use proguard to encrypt my code(because my code has the encryption key).
does this way is correct?
yes, how to do it?
no, what I must to do?
I read about sqlcipher, but I think this technique to encrypt database from creation.
is Full Database Encryption for SQLite
sqlcipher
here is example
Is it necessary to encrypt the sqlite db that goes with your Android app?
As Michael commented, it depends whether the data is required to be encrypted, but in general, it's better to encrypt the data and then store it in the database then encrypt-decrypt the whole database.