Android sqlite Database encryption

Demand background

Android System native SQlite Is plaintext storage , Encryption is not supported , In this way, once the third party gets the device db file , It is equivalent to exposing everything , In this context , Have to encrypt the database .

Solution

The project uses greendao Database framework , and greendao It supports database encryption , It is open source SQLCipher To encrypt .

Yes sqlite Encrypt the database

1. because greendao I'm already dependent on SQLCipher, therefore app No additional dependency is required
2. The program needs to be loaded during initialization SQLCipher The required SO library

SQLiteDatabase.loadLibs(context);

3. Encrypt database

private void encrypt(String password, File fileDir) {
    

        try {
    
            File dbFile = new File(fileDir, DB_NAME);
            File encryptDbFile = new File(fileDir, DB_NAME_ENCRYPT);

            SQLiteDatabase database = SQLiteDatabase.openOrCreateDatabase(dbFile.getAbsolutePath(), "", null);

            //SQLiteDatabase database = SQLiteDatabase.openDatabase(dbFile.getAbsolutePath(), "", null, SQLiteDatabase.OPEN_READWRITE);

            // Connect to the encrypted database , And set the password 
            database.rawExecSQL(String.format("ATTACH DATABASE '%s' as encrypted KEY '" + password + "';", encryptDbFile.getAbsolutePath()));
            // Output the database table and data to be encrypted to the encrypted database file 
            database.rawExecSQL("SELECT sqlcipher_export('encrypted');");
            // Disconnect from the encrypted database 
            database.rawExecSQL("DETACH DATABASE encrypted;");

            SQLiteDatabase decrypteddatabase = SQLiteDatabase.openDatabase(encryptDbFile.getAbsolutePath(), password, null, SQLiteDatabase.OPEN_READWRITE);
            decrypteddatabase.setVersion(database.getVersion());
            decrypteddatabase.close();
            database.close();
            LogPrint.i("DbCore", "end encrypt");
        } catch (Exception e) {
    

            LogPrint.i("DbCore", e.getMessage());
            e.printStackTrace();
        }

4. Decrypt database

public void decrypt(String password, File fileDir) {
    

        LogPrint.i("DbCore", "start decrypt");
        try {
    
            File dbFile = new File(fileDir, DB_NAME);
            File encryptDbFile = new File(fileDir, DB_NAME_ENCRYPT);

			SQLiteDatabase database = SQLiteDatabase.openOrCreateDatabase(encryptDbFile.getAbsolutePath(), password, null);

            //SQLiteDatabase database = SQLiteDatabase.openDatabase(encryptDbFile.getAbsolutePath(), password, null, SQLiteDatabase.OPEN_READWRITE);

            // Connect to the encrypted database , And set the password 
            database.rawExecSQL(String.format("ATTACH DATABASE '%s' as encrypted KEY '';", dbFile.getAbsolutePath()));
            // Output the database table and data to be encrypted to the encrypted database file 
            database.rawExecSQL("SELECT sqlcipher_export('encrypted');");
            // Disconnect from the encrypted database 
            database.rawExecSQL("DETACH DATABASE encrypted;");

            SQLiteDatabase decrypteddatabase = SQLiteDatabase.openDatabase(dbFile.getAbsolutePath(), "", null, SQLiteDatabase.OPEN_READWRITE);
            decrypteddatabase.setVersion(database.getVersion());
            decrypteddatabase.close();
            database.close();
          
            LogPrint.i("DbCore", "end decrypt");

        } catch (Exception e) {
    

            LogPrint.i("DbCore", e.getMessage());
            e.printStackTrace();
        }
    }

5. Get the read-write database object with password

helper.getEncryptedWritableDb(DB_PASSWORD)