SQLite.Net.Cipher: Secure Your Mobile Data Seamlessly and Effortlessly

DZone 's Guide to

SQLite.Net.Cipher: Secure Your Mobile Data Seamlessly and Effortlessly

SQLite database is used for storing data on mobile devices. It's important to secure your data to avoid rooting and jailbreaking.

· Mobile Zone ·
Free Resource

SQLite database has become the first choice for storing data on mobile devices. SQLite databases are just files that are stored on the file system. Other apps or processes can read/write data to this database file. This is true for almost all platforms; you could root/jailbreak the device and get the database file to do with it whatever you like. That’s why it is very important that you start looking into securing your data as much as possible.

In a previous blog post, I talked broadly about how you could secure your data on mobile apps from an architectural point of view. In this post, I will show you how you can use SQLite.Net.Cipher to encrypt/decrypt data when stored/accessed in/from your database. This library helps you secure the data and do all the work for you seamlessly. All you need to do it annotate the columns that you want to encrypt with one attribute. The library will do the rest for you.

The Model

public class SampleUser : IModel
    public string Id { get; set; }

    public string Name { get; set; }

    public string Password { get; set; }

Notice above that we have decorated our password property with a [Secure] attribute. This will tell the SQLite.Net.Cipher to encrypt the password property whenever storing data in the database, and it will decrypt it when reading out of the database.

The model needs to implement IModel, which enforces the contract of having a property with the name Id as a primary key. This is a common standard, and you could use other columns for PrimaryKey if you want and use backing properties to satisfy this requirement if you like.

The Connection

Your database connection entity needs to extend the SecureDatabase, which is provided to you by the SQLite.Net.Cipher as below:

public class MyDatabase : SecureDatabase
    public MyDatabase(ISQLitePlatform platform, string dbfile) : base(platform, dbfile)

    protected override void CreateTables()

You can use the CreateTable() method to create whatever tables you need. There is also another constructor that allows you to pass your own implementation of the ICryptoService if you like. This is the entity that is responsible for all encryption and decryption tasks.

See It in Action

To see the library in action, you could establish a connection to the database, insert some data, and retrieve it:

var dbFilePath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments), "mysequredb.db3");
var platform = new SQLite.Net.Platform.XamarinIOS.SQLitePlatformIOS();
ISecureDatabase database = new MyDatabase(platform, dbFilePath);
var keySeed = "my very very secure key seed. You should use PCLCrypt strong random generator";

var user = new SampleUser()
    Name = "Has AlTaiar", 
    Password = "very secure password :)", 
    Id = Guid.NewGuid().ToString()

var inserted = database.SecureInsert<SampleUser>(user, keySeed);

// you could use any desktop to inspect the database and you will find the Password column encrypted (and converted base64)

var userFromDb = database.SecureGet<SampleUser>(user.Id, keySeed);

And that’s all, assuming that you have installed the Nuget Package.



Please note that this library relies on the following great projects: SQLite.Net-PCL and PCLCrypto.

Both of these projects are really great and they support all major platforms, including builds for PCL libraries, so I would highly encourage your to look into them if you have not seen them before.

You can find the library on Nuget here, and the source code is on GitHub here; feel free to fork, change, and do whatever you like. I hope you find the library useful and I would love to hear any comments, questions, or feedback.

mobile, mobile data, mobile security, sqlite, tutorial

Published at DZone with permission of Has Altaiar . See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}