3

I'm building an SDK to be used in a hosting app. This SDK includes working with DB using SQLite.

One of the requirements, is that the DB will be encrypted in order to prevent pulling the SQLite database from the device and using the user private information.

I started to work with SQLCipher, but there is no support for 64bit architecture devices, which causing the application to crash.

I checked some other possibilities, but all of them causing other issues that I decided to try handle it by myself.

My questions:

  1. Does Android have some encryption mechanism for DB files?
  2. Can I encrypt the file when the application starts, and decrypt it again when the application is closing? I know that in iOS there is some kind of possibility called NSFileProtection
  3. Do you know other library that can handle the DB encryption, that supports 64bit devices?
  4. Do you know if there is an Android solution for this, without using JNI(javax.crypto)?

I'll be happy to get any information or help.

Ofir A.
  • 3,112
  • 11
  • 57
  • 83

2 Answers2

4

there is no support for 64bit architecture devices

SQLCipher works fine on the 64-bit devices that I have used it on. I seem to recall some issues with some apps that had multiple NDK libraries/code, where some had 64-bit libraries and some did not, where there were issues. I would suggest that you open separate Stack Overflow questions, or use other support resources (e.g., SQLCipher's support board), to get to the bottom of your difficulties.

Does Android have some encryption mechanism for DB files?

No.

Can I encrypt the file when the application starts, and decrypt it again when the application is closing?

No, for several reasons, not the least of which is that applications do not close on Android.

Do you know other library that can handle the DB encryption, that supports 64bit devices?

No, and asking for off-site resources is considered to be off-topic for Stack Overflow, anyway.

Do you know if there is an Android solution for this, without using JNI(javax.crypto)?

This is the same as the first and third questions.

CommonsWare
  • 986,068
  • 189
  • 2,389
  • 2,491
  • Thanks for the detailed answer. So you think SQLCipher is the the best option and there is no other possibility to achieve it? I already talked with Nick Parker from Zetetic and it seems the problem is with OpenSSL not natively building x64 for Android without modification. – Ofir A. Jan 26 '16 at 19:27
  • @OfirA.: "there is no other possibility to achieve it?" -- I am not aware that SQLite's own SEE stuff works on Android. You can always do your own field-level encryption or something, encrypting the data yourself before it goes into the database, but that gets clunky quickly. If you're not tied into relational data, I think Realm offers on-disk encryption, and I'm hoping that Couchbase Mobile gets it this year. But, again, in general, SQLCipher works on 64-bit CPUs, though possibly not in conjunction with other NDK code. So, another possible solution is to remove the other NDK code. – CommonsWare Jan 26 '16 at 19:31
  • @OfirA.: On the 64-bit issue, see [this comment posted today](https://discuss.zetetic.net/t/native-runtime-crash-from-sqlcipher-for-android/1096/4). That's the only scenario I know of where SQLCipher for Android fails on 64-bit machines. While the long-term answer is to get SQLCipher building for 64-bit Android, the short-term workaround is to remove the other 64-bit libraries, so that everything works using the 32-bit libraries. – CommonsWare Jan 26 '16 at 21:12
  • Thanks. Correct me if I'm wrong, but if I'm using only the 32-bit folders I'm causing my hosting app to degrade also to 32-bit(not only in the sqlite area), right? I saw you comment in the next [link](https://discuss.zetetic.net/t/sqlcipher-android-64bit-support/667) – Ofir A. Jan 26 '16 at 21:24
  • @OfirA.: I am not an Android internals expert, and so I cannot answer that question. However, I fail to see how it matters, at least for a Java-centric app. 64-bit support is not some magic elixir. It does boost performance. However, your app still has to perform well on 32-bit devices, since there are plenty of those. Even if you lose the 64-bit boost, I'd look at that as a temporarily missed optimization, not some sort of show-stopping impediment. – CommonsWare Jan 26 '16 at 21:37
  • I understand and totally agree, but because this an SDK solution I can't cause my customer application to not support 64-bit when he meant otherwise, even for a temporary solution. Thanks for your help. – Ofir A. Jan 26 '16 at 21:43
0

You need to use the latest version of android-database-sqlcipher here. Am using 3.5.4 it solved "java.lang.UnsatisfiedLinkError: dlopen failed: library "libutils.so" not found". Please check it here

kartiraman
  • 198
  • 3
  • 6