Title says it all. I have some sensitive data that is stored in SQLite for an Android app. I need to be able to encrypt when persisting but then also decrypting when deserializing from the database too. Not sure what my options are on Android for doing this?
views:
451answers:
4There is nothing built into Android for encrypting database contents. You are welcome to encrypt/decrypt values yourself and store the encrypted material in the database, but that's up to you, and would have to be done on a cell-by-cell basis.
For encryption algorithms, Android has javax.crypto
built in.
Also, bear in mind that if your encryption key is baked into your application, anyone who cares to will be able to get past your encryption.
You can try encripting in SHA1
public static String encriptSHA1(String password){
String hash = "";
try {
MessageDigest md;
byte[] buffer, digest;
buffer = password.getBytes();
md = MessageDigest.getInstance("SHA1");
md.update(buffer);
digest = md.digest();
for(byte aux : digest) {
int b = aux & 0xff;
if (Integer.toHexString(b).length() == 1) hash += "0";
hash += Integer.toHexString(b);
}
} catch (NoSuchAlgorithmException e) {
}
return hash;
}
You might want to take a look at this SO question regarding reading/writing password-protected zip files. It includes a few links to some OSS libraries that perform these tasks. Though you're not necessarily interested in compression, this could potentially solve the problem of decrypting the db at startup and then you could simply write the modified database back to the encrypted file.
@CommonsWare is absolutely right in that baking the password/key into your app means that someone who really wanted to could get at your data. However, I think it would prevent most people from swiping your data through trivial means.
No simple answer here. Guess Ill just use something simple to mangle the column values when serializing.