[android-developers] Re: Encrypt database file

I would just encrypt the really sensitive fields, if anything. In
most apps, only a very small percentage of the data is really
sensitive. But, by doing encryption in the application level, you are
going to lose some nice features such as being able to sort or search
on your data.

On Apr 27, 9:53 am, DanH <danhi...@ieee.org> wrote:
> You can always encrypt/decrypt the DB file each time you end/start the
> application.  But if the app dies suddenly the file is left
> unencrypted.
>
>  You could compile your own version of SqlCipher (I've done it twice
> for other platforms -- not exactly rocket science, but it is jet
> engine science).  You are faced with the problem of finding a suitable
> crypto implementation (ideally OpenSSL).  Easy to just download and
> compile a separate copy for yourself if this is for personal use, but
> you're apt to run afoul of import/export rules if you try to sell your
> app (especially if you ship it from the US).  If you could access the
> in-built encryption support that would be ideal (avoids the import/
> export problem), but I'm not sure there's a way to get at it.
>
> You can encrypt/decrypt individual rows in the DB as you read/write.
> This is inefficient and awkward -- you basically have to put all the
> data into one long string, and any search keys must be left in clear
> text.  It's also relatively easy to crack.
>
> For small amounts of data it's probably better to put the data into
> XML or JSON and read/write the entire file, decrypting/encrypting as
> you do the file I/O.
>
> On Apr 26, 7:41 am, DanielSchH <dan...@schmitz-huebsch.net> wrote:
>
>
>
> > Hello,
>
> > I´m looking for a way to secure a SQLite database in Android. I have
> > read some stuff about sqlcipher but it seems to be quite complicated
> > to integrate the lib into a Android project and to write a java
> > wrapper.
>
> > So my idea is to create an normal SQLite database and encrypt the
> > file. Has anybody tried it already or is it not possible.
>
> > Thanks a lot,
> > Daniel- Hide quoted text -
>
> - Show quoted text -

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en