×

Discussion Board

Page 1 of 2 12 LastLast
Results 1 to 15 of 20
  1. #1
    Registered User
    Join Date
    Nov 2013
    Posts
    24

    Encrypted SQLite in WP8

    Hi All,

    Can we encrypt the SQLite database in windows phone 8. I see there is SQLite Encryption Extension available but can we use it with WP8. If yes, how?

  2. #2
    Nokia Developer Champion
    Join Date
    Dec 2012
    Posts
    45

    Re: Encrypted SQLite in WP8

    Last edited by saramgsilva; 2013-11-28 at 16:06.
    __________________________________________________

    @saramgsilva
    Microsoft MVP - Visual C#
    Nokia Developer Champion

  3. #3
    Nokia Developer Champion
    Join Date
    Feb 2013
    Location
    Dublin, Ireland
    Posts
    573

    Re: Encrypted SQLite in WP8

    Quote Originally Posted by saramgsilva View Post
    Why are you want to encrypt the database? Only your app can read that database, don´t make sense.
    Security? even though a .XAP is encrypted and the WP8 platform is safe enough, that might not always be the case. And when it's cracked, you'll be able to read all the resources and assets from an app. So if you have anything of value, it should be encrypted as well.

    A lot of bigger corporations would insist on 'extra' encryption on top of whatever is provided by the system.

  4. #4
    Registered User
    Join Date
    Jan 2009
    Location
    Melbourne, Australia
    Posts
    2,571

    Re: Encrypted SQLite in WP8

    One approach is to encrypt data in database rather than the whole database - not a preferred approach, but may be OK in some cases. If that will suit you then see articles: How_to_encrypt_your_application_data_in_Windows_Phone and Encrpting_and_Decrypting_data_using_RSA_in_Windows_Phone cover how you can encrypt data strings -

  5. #5
    Nokia Developer Moderator
    Join Date
    Feb 2011
    Location
    Portugal
    Posts
    960

    Re: Encrypted SQLite in WP8

    Not sure how to do it... Sara's Links may help, but I'm also wondering why encrypt the whole database. This will certainly create an overhead that may not be that little if you have a lot of data on the database. Probably implementing a encryption + hashing of values to be easily searchable may be a better approach. You may not even encrypt the whole table row, just a few columns. If you dont need to search for that data, only select decrypt and show it, then you don't need to do anything else. But if you need to search for data in the column, then you can create a hash from the unecrypted content, and when searching crate a hash of what you are looking for and search for that.

    There are many different technics and each is aimed at doing the work of decoding data as hard as possible to the point where its not financially of timing viable to get to it. Pro create an extra layer of protection of assets, resources strings, etc you may also consider adopting a product like SmartAssembly.

  6. #6
    Registered User
    Join Date
    Nov 2013
    Posts
    24

    Re: Encrypted SQLite in WP8

    Hi Sara,
    Quote Originally Posted by saramgsilva View Post
    Why are you want to encrypt the database? Only your app can read that database, don´t make sense.
    I work for a big software company. Data is their biggest asset. Today WP is safe but some day Android and iOS were too. You never know when a rooting/jailbreaking procedure will come up for WP. Hope you got the point.

    And i had posted this question 2 days back, in the meantime i had gone through all the possible stackoverflow links, the only thing seems to work is CSharp-SQLite. Encrypting your database with it is as simple as just a two step procedure. I am amazed it was rarely documented.
    1.Compile your application with SQLITE_HAS_CODEC flag.
    2.Activate encryption with the PRAGMA HEXKEY command.

    And your database encryption will be automatically handled. It works like charm. The only issue is that library is no more supported. The last release was in Aug 2011. So after a bit more research i came across SEE. Its encryption extension over the public SQLite. Its not free though. I purchased a licensed copy of it. Now the issue i have with this is, the source code for SEE is purely in C. As per my knowledge I need to compile it for WP8 using WinPRT component and access it in the C# code using C++/CX interface. But i have absolutely no experience with it. Can you guys please help me on it.
    Last edited by nikita.m; 2013-11-29 at 15:14.

  7. #7
    Registered User
    Join Date
    Nov 2013
    Posts
    24

    Re: Encrypted SQLite in WP8

    Quote Originally Posted by theothernt View Post
    Security? even though a .XAP is encrypted and the WP8 platform is safe enough, that might not always be the case. And when it's cracked, you'll be able to read all the resources and assets from an app. So if you have anything of value, it should be encrypted as well.

    A lot of bigger corporations would insist on 'extra' encryption on top of whatever is provided by the system.
    I completely agree!!

  8. #8
    Registered User
    Join Date
    Nov 2013
    Posts
    24

    Re: Encrypted SQLite in WP8

    Hi hamishwillee and joaocardosa,

    Quote Originally Posted by hamishwillee View Post
    One approach is to encrypt data in database rather than the whole database - not a preferred approach, but may be OK in some cases. If that will suit you then see articles: How_to_encrypt_your_application_data_in_Windows_Phone and Encrpting_and_Decrypting_data_using_RSA_in_Windows_Phone cover how you can encrypt data strings -
    According to your solution. I should encrypt the data myself before pushing it to database and decrypt it back after pulling from db. This solution seems quite trivial for me. Because the db encryption solution has to be implemented for 4 application. 2 of which are already on store(Sorry i should have mentioned it before). This approach would break backward compatibility I guess. Correct me if I am wrong.

  9. #9
    Nokia Developer Moderator
    Join Date
    Feb 2011
    Location
    Portugal
    Posts
    960

    Re: Encrypted SQLite in WP8

    Quote Originally Posted by nikita.m View Post
    Hi hamishwillee and joaocardoso,

    The approach you guys suggest is encrypt data yourself before pushing to database and decrypt it back after reading from database. But this solution seems quite trivial for me. Because the solution for encypting database has to be implemented in 4 applications. 2 of which are already on store. So this method would break the backward compatibility i guess. Correct me if i am wrong.
    If you use MVVM on your apps it should be a simple change on the Viewmodel or even at the Model itself.

    For backward compatibility I would suggest including a migration strategy. When you open your app you check if you are using the encrypted version of the database or not, create a new one if thats not the case with a different name and migrate data. You could go all the way and allow the user to decide if he/she wants to encrypt data or not.

    I do think its cool to just change a setting on the database and have everything encrypted, but to tell you the truth I never used that type of approach on any app (full database encryption).

  10. #10
    Registered User
    Join Date
    Jan 2009
    Location
    Melbourne, Australia
    Posts
    2,571

    Re: Encrypted SQLite in WP8

    Quote Originally Posted by nikita.m View Post
    Hi hamishwillee and joaocardosa,

    According to your solution. I should encrypt the data myself before pushing it to database and decrypt it back after pulling from db. This solution seems quite trivial for me. Because the db encryption solution has to be implemented for 4 application. 2 of which are already on store(Sorry i should have mentioned it before). This approach would break backward compatibility I guess. Correct me if I am wrong.
    Yes it would, because your old data would be stored in some sort of cleartext and your new data would be some sort of encrypted text. You would have to update/convert databases.

    However isn't that true with both solutions?

  11. #11
    Registered User
    Join Date
    Nov 2013
    Posts
    24

    Re: Encrypted SQLite in WP8

    Hi hamishwillee,
    Quote Originally Posted by hamishwillee View Post
    Yes it would, because your old data would be stored in some sort of cleartext and your new data would be some sort of encrypted text. You would have to update/convert databases.

    However isn't that true with both solutions?
    CSharp-SQLite do not support it, SEE does. According to what i read, "SEE is an extension for public SQLite, it work seamless with your old unencrpted database". But i am yet not able to compile SEE for wp8 so can't tell that for sure. Do we have someone experienced here on compiling c code for wp8?

    p.s: If someone don't need backward compatibility or its a brand new db, then you can safely go for CSharp-SQLite. I have tested and it works like charm. I can post sample code if someone needs it.

  12. #12
    Registered User
    Join Date
    Jan 2013
    Posts
    34

    Re: Encrypted SQLite in WP8

    I'm not all familiar with what Windows Phone 8 has in terms of application security but, if Windows Phone 8 is cracked in a way that someone can access your database it means it can also access the application binaries. What keeps that someone from decrypting your database?

  13. #13
    Registered User
    Join Date
    Nov 2013
    Posts
    24

    Re: Encrypted SQLite in WP8

    Hi Paulo,
    Quote Originally Posted by paulo.morgado View Post
    I'm not all familiar with what Windows Phone 8 has in terms of application security but, if Windows Phone 8 is cracked in a way that someone can access your database it means it can also access the application binaries. What keeps that someone from decrypting your database?
    I agree. But after getting the binaries it has to be reverse engineered to generate source code to get the encryption key out of it. To add one more level of security you can obfuscate your source code before compiling to make it difficult to understand. So no matter what you can't provide a 100% security but the goal should be to make it as secure as possible.

    Also let me know if you have a better solution.

  14. #14
    Registered User
    Join Date
    Nov 2013
    Posts
    24

    Re: Encrypted SQLite in WP8

    Hey Guys,

    Good news here. I contacted SQLite team and together we were able to compile a dll out of sqlite3 and SEE source code. But i don't think i can post the procedure here since the library is licensed. But the bottom line is its possible to use SEE with windows phone and windows store apps. I may be able to help you once you decide to use SEE and get a licensed copy of it.

    Until now I used that dll with Windows store apps and it works great. Now looking for using it with WP8. Seems bit tricky. Will update you once i find something.

  15. #15
    Nokia Developer Champion
    Join Date
    Feb 2013
    Location
    Dublin, Ireland
    Posts
    573

    Re: Encrypted SQLite in WP8

    Quote Originally Posted by nikita.m View Post
    Hey Guys,

    Good news here. I contacted SQLite team and together we were able to compile a dll out of sqlite3 and SEE source code. But i don't think i can post the procedure here since the library is licensed. But the bottom line is its possible to use SEE with windows phone and windows store apps. I may be able to help you once you decide to use SEE and get a licensed copy of it.

    Until now I used that dll with Windows store apps and it works great. Now looking for using it with WP8. Seems bit tricky. Will update you once i find something.
    Great news, and well done for figuring it out. Although you may have to license SEE, etc there should be no issue with putting together a guide or wiki and how to compile and use the library?

Similar Threads

  1. how to send Encrypted SMS
    By dsddf sfd in forum Mobile Java Networking & Messaging & Security
    Replies: 1
    Last Post: 2013-03-18, 12:52
  2. getting encrypted message
    By Arunesh in forum Mobile Java Networking & Messaging & Security
    Replies: 2
    Last Post: 2009-10-12, 10:48
  3. encrypted call
    By robytagliabue in forum General Development Questions
    Replies: 1
    Last Post: 2006-10-17, 18:35
  4. DRM encrypted jar
    By BlueLava in forum Mobile Java General
    Replies: 3
    Last Post: 2006-07-20, 08:29

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
×