12

I am trying to secure some sensible data by implementing encryption in my already existing and functioning database setup in an android application.

I tried to follow this tutorial (http://sqlcipher.net/sqlcipher-for-android/) and I browsed a lot of foruns, including the google group for Cipher. However, I still don't clearly understand how does SQLCipher work and how I should adapt my code to serve my needs.

I am following this implementation of databases in android: http://www.vogella.com/articles/AndroidSQLite/#databasetutorial_database, meaning I have an extension of the SQLiteOpenHelper class and another class to store CRUD methods.

In this situation how should I use SQLCipher? Where should I define the password? Where should I use loadLibs(context)? Only in the main activity? Or in every activity that accesses the database?

I feel I'm almost there, I just need the final push to figure this out :P Thanks in advance!

JZweige
  • 721
  • 2
  • 9
  • 15
  • "Where should I define the password?" - Very good question, the sqlcipher helper creates the db but doesnt seem to have any paramter or anything for password. Got the same issue atm. – Ostkontentitan Nov 01 '13 at 12:45

2 Answers2

19

In this situation how should I use SQLCipher?

Exactly like an normal your normal sql implementation.

Where should I define the password?

If you are using SQLiteHelper it will create the database when you first get it like this: 

helper.getWriteableDatabase("myPassword");

On the first call it will create the database with this Password. On the upcoing calls it will only work with this password.

( Figured that out when i went to the Source: https://github.com/sqlcipher/android-database-sqlcipher/blob/master/android-database-sqlcipher/src/main/java/net/sqlcipher/database/SQLiteOpenHelper.java, checkout the method getWriteableDatabase( String pw ) there! )

Where should I use loadLibs(context)?

Right before you call helper.getWriteableDatabase("myPassword"); the first time!

Adam Burley
  • 5,551
  • 4
  • 51
  • 72
Ostkontentitan
  • 6,930
  • 5
  • 53
  • 71
  • How do we handle app upgrade from plain Content Provider to Encrypted Content provider (using SQLCipher)? My app crashes when I try to upgrade the app with these changes. – Kaps Jan 20 '16 at 10:41
3

In this situation how should I use SQLCipher?

That is impossible to answer in the abstract. You would use it largely the same way that you use SQLite.

Where should I define the password?

You should get it from the user.

Where should I use loadLibs(context)? Only in the main activity? Or in every activity that accesses the database?

Once per process is sufficient (in fact, more could conceivably be a problem). If you are using a ContentProvider for your SQLCipher database, call loadLibs() in onCreate() of the ContentProvider. If you are using a custom Application, call loadLibs() in onCreate() of the Application.

CommonsWare
  • 986,068
  • 189
  • 2,389
  • 2,491
  • "That is impossible to answer in the abstract. You would use it largely the same way that you use SQLite." I am asking how to integrate it with SQLiteOpenHelper, not in abstract. But thanks for the rest. – JZweige Jul 19 '13 at 20:56
  • @JZweige: SQLCipher for Android has its own `SQLiteOpenHelper` replacement. You would use it largely the same way that you use the `SQLiteOpenHelper` that is part of standard Android. – CommonsWare Jul 19 '13 at 21:04
  • So you're saying that the only thing I need to do is to replace the imports and add loadLibs()? Interesting going to try that and do some tests, I'll see how it goes. – JZweige Jul 19 '13 at 22:23
  • 1
    @JZweige: "So you're saying that the only thing I need to do is to replace the imports and add loadLibs()?" -- you will also need to collect a password from the user and use that when you call `getReadabaleDatabase()` and `getWritableDatabase()`. Otherwise, yes, it's pretty much a drop-in replacement. – CommonsWare Jul 19 '13 at 22:25
  • How do we handle app upgrade from plain Content Provider to Encrypted Content provider (using SQLCipher)? My app crashes when I try to upgrade the app with these changes. Fresh install with encryption works good. – Kaps Jan 21 '16 at 12:41
  • 1
    @Kaps: "My app crashes when I try to upgrade the app with these changes" -- then ask a fresh Stack Overflow question, where you provide the Java stack trace associated with the crash, along with the Java code that generates that crash. – CommonsWare Jan 21 '16 at 12:44
  • @CommonsWare: Have done that, but not getting any resolution from folks, http://stackoverflow.com/questions/34897615/upgrading-plain-content-provider-databacked-by-sqlite-to-encrypted-using-sqlci – Kaps Jan 21 '16 at 12:47