Need suggestions for a good way to encrypt/decrypt data stored in SQLite database on Android
I have some sensitive data that is stored in SQLite for an Android app. I need to be able to encrypt when persisting but then also decrypt when deserializing from the database too. Not sure what my options are on Android for doing this?
There is nothing built into Android for encrypting database contents. You are welcome to encrypt/decrypt values yourself and store the encrypted material in the database, but that's up to you, and would have to be done on a cell-by-cell basis.
For encryption algorithms, Android has javax.crypto built in.
Also, bear in mind that if your encryption key is baked into your application, anyone who cares to will be able to get past your encryption.
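An added example, not part of the original answers: cell-by-cell encryption with javax.crypto, using AES-GCM and a key derived from a passphrase the user enters at runtime so that no key is baked into the application. The class name CellCrypto, the method names, the iteration count and the sample values are assumptions made for illustration, and PBKDF2WithHmacSHA256 assumes Android API 26+ or a standard JDK.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.*;
import javax.crypto.spec.*;

/** Hypothetical helper: encrypts single column values before they are written to SQLite. */
public final class CellCrypto {
    private static final int IV_LEN = 12;     // bytes, the usual GCM nonce size
    private static final int TAG_BITS = 128;  // GCM authentication tag length
    private static final SecureRandom RNG = new SecureRandom();

    /** Derives the AES key from a user-entered passphrase; iteration count is an assumption. */
    public static SecretKey deriveKey(char[] passphrase, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(passphrase, salt, 100_000, 256);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    /** Returns IV || ciphertext || tag, suitable for storing in a BLOB column. */
    public static byte[] encryptCell(SecretKey key, String plaintext) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);                    // fresh IV per value; never reuse one with the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        return ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
    }

    /** Reverses encryptCell; throws AEADBadTagException if the blob was altered or the key is wrong. */
    public static String decryptCell(SecretKey key, byte[] blob) throws GeneralSecurityException {
        if (blob.length < IV_LEN + TAG_BITS / 8) throw new GeneralSecurityException("blob too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN));
        byte[] pt = c.doFinal(blob, IV_LEN, blob.length - IV_LEN);
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);                  // store the salt beside the database; it is not secret
        SecretKey key = deriveKey("constructed sample passphrase".toCharArray(), salt);
        byte[] blob = encryptCell(key, "constructed sample value");
        System.out.println(decryptCell(key, blob));
    }
}
```

Because each value gets a random IV, equal plaintexts produce different blobs, so encrypted columns cannot be used in WHERE comparisons or indexes.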
You might want to take a look at this SO question regarding reading/writing password-protected zip files. It includes a few links to some OSS libraries that perform these tasks. Though you're not necessarily interested in compression, this could potentially solve the problem of decrypting the db at startup and then you could simply write the modified database back to the encrypted file.
@CommonsWare is absolutely right in that baking the password/key into your app means that someone who really wanted to could get at your data. However, I think it would prevent most people from swiping your data through trivial means.
No simple answer here. Guess I'll just use something simple to mangle the column values when serializing.
If you need to encrypt your database, you're probably using a log-in to your app for security, right? Why not have your log-in server store your "secret code" for the encryption and once they log-in, pull the "secret code" and store the code (in a public string, not to an actual file or preference). This way, if someone decompiles your app they still won't be able to decrypt the data and your data will be safe.
Then use onDestroy() to clear the code every time the app unloads.
Try SQLCipher for encrypting the database.
You can try encrypting in SHA1
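import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Returns the SHA-1 digest of the input as a lowercase hex string.
public static String encriptSHA1(String password) {
    String hash = "";
    try {
        MessageDigest md;
        byte[] buffer, digest;
        buffer = password.getBytes(StandardCharsets.UTF_8); // fixed charset, not the platform default
        md = MessageDigest.getInstance("SHA1");
        md.update(buffer);
        digest = md.digest();
        for (byte aux : digest) {
            int b = aux & 0xff;
            // pad single-digit hex values so every byte yields two characters
            if (Integer.toHexString(b).length() == 1) hash += "0";
            hash += Integer.toHexString(b);
        }
    } catch (NoSuchAlgorithmException e) {
        // fail loudly instead of silently returning an empty string
        throw new IllegalStateException(e);
    }
    return hash;
}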