locked
Sqlite DB File Protection,Security or encryption

    Question

  • Hi , 

    I am using SQLIte database file for my offline work in my application (Windows Store app 8.1). Now the problem is the database is easy accessible 

    for the User and i may have highly confidential data in my database . So i need Database protection . i have seen this valueable answer already.

     http://social.msdn.microsoft.com/Forums/windowsapps/en-US/38868159-a361-4cd6-a5ca-721a833916e0/create-password-protected-sqlite-database?forum=winappswithcsharp

    So i need to Encrypt my database file . do any one have idea how i can achieve that . if i get encryption 128 bit that would be great . i can use third party api ,Open source ,or paid API  anything which not let hit the performance of application .

    Thursday, August 07, 2014 12:42 PM

Answers

  • The only way to protect highly confidential information is not to make it available. You would need to keep it on a server and only provide the results that you want to show to the user. Your app runs as the user, so anything the app can see the user can see.

    You can make things more difficult via obfuscation, but understand that so long as the app has the encryption key all you are really doing is obfuscating.

    SQLite won't be able to read an encrypted data base so you'd need to decrypt the database before using it with SQLite. This will probably make it easy for the user to copy out the decrypted database. A better approach would be to encrypt the data inside the database. I don't believe SQLite has this as a built in feature, but you could write one yourself to wrap the API that write to and read from the database.

    See Windows.Security.Cryptography for classes to allow encoding and decoding the data.

    --Rob

    Friday, August 08, 2014 12:54 AM
    Owner

All replies

  • The only way to protect highly confidential information is not to make it available. You would need to keep it on a server and only provide the results that you want to show to the user. Your app runs as the user, so anything the app can see the user can see.

    You can make things more difficult via obfuscation, but understand that so long as the app has the encryption key all you are really doing is obfuscating.

    SQLite won't be able to read an encrypted data base so you'd need to decrypt the database before using it with SQLite. This will probably make it easy for the user to copy out the decrypted database. A better approach would be to encrypt the data inside the database. I don't believe SQLite has this as a built in feature, but you could write one yourself to wrap the API that write to and read from the database.

    See Windows.Security.Cryptography for classes to allow encoding and decoding the data.

    --Rob

    Friday, August 08, 2014 12:54 AM
    Owner
  • Hi Dave , 

    After a lot of search i found the solution . i am posting only it can help to someone who is looking for same .SQLCipher for Windows Runtime dll . Verison - 3.1.0.0 .

    It provide the option to make your database file Encrypted and can only access by your application . While creating the DB i am creating as password protected . Sample and details about Encryption Decryption here you can get the sample and detail for your development . 

    The only problem i found while using this its makes your application slow . because for each database operation it has to do decryption and provide the password through your app . Security is, user will not be able to open the database directly to any Sqlite browser it will pop you up a message either this is not a database file or its encrypted.

    I hope this may help to others if they are looking something like this . (Though i have not implemented in my project because of performance).

     

     



    Tuesday, August 19, 2014 9:49 AM