views: 451
answers: 4
Title says it all. I have some sensitive data that is stored in SQLite for an Android app. I need to be able to encrypt when persisting but then also decrypt when deserializing from the database too. Not sure what my options are on Android for doing this?

+3  A: 

There is nothing built into Android for encrypting database contents. You are welcome to encrypt/decrypt values yourself and store the encrypted material in the database, but that's up to you, and would have to be done on a cell-by-cell basis.

For encryption algorithms, Android has javax.crypto built in.

Also, bear in mind that if your encryption key is baked into your application, anyone who cares to will be able to get past your encryption.

CommonsWare
A: 

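You can try encrypting in SHA1

    import java.nio.charset.StandardCharsets;
    import java.security.MessageDigest;
    import java.security.NoSuchAlgorithmException;

    // Returns the SHA-1 digest of the input as a lowercase hex string.
    public static String encriptSHA1(String password) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA1");
            // Fix the charset so the digest does not depend on the platform default.
            byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));

            StringBuilder hash = new StringBuilder();
            for (byte aux : digest) {
                // Mask to an unsigned value and zero-pad to two hex digits.
                hash.append(String.format("%02x", aux & 0xff));
            }
            return hash.toString();
        } catch (NoSuchAlgorithmException e) {
            // Surface the failure instead of silently returning an empty string.
            throw new IllegalStateException(e);
        }
    }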
YaW
SHA1 is a one-way hashing algorithm and therefore can't be used in this scenario.
alexanderblom
Yes, I need to encrypt when storing in the database but then decrypt when needed by my application.
Eno
+1  A: 

You might want to take a look at this SO question regarding reading/writing password-protected zip files. It includes a few links to some OSS libraries that perform these tasks. Though you're not necessarily interested in compression, this could potentially solve the problem of decrypting the db at startup and then you could simply write the modified database back to the encrypted file.

@CommonsWare is absolutely right in that baking the password/key into your app means that someone who really wanted to could get at your data. However, I think it would prevent most people from swiping your data through trivial means.

NobodyMan
+1  A: 

No simple answer here. Guess I'll just use something simple to mangle the column values when serializing.

Eno