- Xamarin Mobile Development for Android Cookbook
- Matthew Leibowitz
- 440字
- 2021-07-30 10:23:29
Encrypting databases with SQLCipher
Encryption adds another level of security to our apps and data. If we have an app that contains sensitive information, such as passwords or confidential data, then encryption can help protect this data.
How to do it...
Adding encryption to our apps is as simple as adding a reference and creating a password or encryption key. Let's take a look at the following steps:
- Remove the Mono.Data.Sqlite reference if you are using ADO.NET, the SQLite.NET component, or the NuGet package if we are using SQLite.NET.
- Add the SQLCipher Android component to the project from the Xamarin Component Store. This can be done by right-clicking on the Components folder under the project. In the dialog that appears, we can search for SQLCipher and install the Android package.
- Once the component is installed, we modify our code that opens the database connection to include a password. If we use ADO.NET to access databases, we can first set the password before opening the connection:
using (var conn = new SqliteConnection(connectionString)) { conn.SetPassword("StrongPasswordHere123"); conn.Open (); // normal database access } - If we use SQLite.NET to access the database, we modify the connection constructor to include the password:
using (var conn = new SQLiteConnection( databasePath, "StrongPasswordHere123")) { // normal database access }
How it works...
SQLCipher provides transparent and secure 256-bit AES encryption of SQLite database files; all that we have to do is to specify a password. Passwords can be either a string or a byte array passed to the connection.
If we use the ADO.NET API, we call the SetPassword() method; if we use the SQLite.NET API; we pass the password in with the constructor. Other than this, there is no extra work for us to do.
Tip
Avoid hardcoding the key, especially in plain text, within the app, but rather encrypt or obfuscate the key. If the app is compromised, the key will not be easily available.
SQLCipher works with the SQLite engine to transparently encrypt the pages before being written to disk and decrypt them when read back into memory. Due to its small footprint and great performance, it can be used to protect SQLite databases in embedded and mobile environments, such as on Android devices.
SQLCipher includes its own build of SQLite as the native SQLite does not support all the features required to handle transparent database encryption. However, there is very little modification to the actual SQLite implementation and most changes are extensions to support the encryption process.
See also
- More information on SQLCipher can be found on the Zetetic LLC website: https://www.zetetic.net/sqlcipher
- The Data access with ADO.NET recipe
- The Data access with SQLite.NET recipe
- .NET之美:.NET關鍵技術深入解析
- C++程序設計(第3版)
- 簡單高效LATEX
- NativeScript for Angular Mobile Development
- JavaScript動態網頁開發詳解
- HTML5秘籍(第2版)
- CoffeeScript Application Development Cookbook
- Visual Basic程序設計(第三版)
- 網絡數據采集技術:Java網絡爬蟲實戰
- 快樂編程:青少年思維訓練
- 每個人的Python:數學、算法和游戲編程訓練營
- Scratch少兒編程高手的7個好習慣
- Cloud Development andDeployment with CloudBees
- Python深度學習:基于PyTorch
- 前端程序員面試筆試真題與解析