SQLite.Net.Cipher: Secure your data on all mobile platforms seamlessly and effortlessly

SQLite database have become the first choice for storing data on mobile devices. SQLite databases are just files that are stored on the file system. Other apps, or processes can read/write data to this database file. This is true for almost all platforms, you could root/jailbreak the device and get the database file to do with it whatever you like. That’s why it is very important that you start looking into securing your data as much as possible.

In a previous blog post, I talked broadly about how you could secure your data on mobile apps from an architectural point of view. In this post, I will show you how you can use SQLite.Net.Cipher to encrypt/decrypt data when stored/accessed in/from your database. This library helps you secure the data and do all the work for you seamlessly. All you need to do it annotate the columns that you want to encrypt with one attribute. The library will do the rest for you.

The Model

	public class SampleUser : IModel
	{
		public string Id { get; set; }

		public string Name { get; set; }

		[Secure] 
		public string Password { get; set; }
	}

Notice above that we have decorated our Password property with [Secure] attribute. This will tell the SQLite.Net.Cipher to encrypt the password property whenever storing data into the database, and it will decrypt it when reading out of the database.

The model needs to implement IModel, which enforces the contract of having a property with the name Id as a primary key. This is a common standard, and you could use other columns for PrimaryKey if you want and use backing properties to satisfy this requirement if you like.

The Connection

Your database connection entity needs to extend the SecureDatabase, which is provided to you by the SQLite.Net.Cipher as below:


	public class MyDatabase : SecureDatabase
	{
		public MyDatabase(ISQLitePlatform platform, string dbfile) : base(platform, dbfile)
		{
		}

		protected override void CreateTables()
		{
			CreateTable<SampleUser>();
		}
	}

You can use the CreateTable() method to create whatever tables you need. There is also another constructor that allows you to pass your own implementation of the ICryptoService if you like. This is the entity that is responsible for all encryption and decryption tasks.

See it in Action

Now to see the library in action, you could establish a connection to the database, insert some data and retrieve it:


	var dbFilePath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments), "mysequredb.db3");
	var platform = new SQLite.Net.Platform.XamarinIOS.SQLitePlatformIOS();
	ISecureDatabase database = new MyDatabase(platform, dbFilePath);
	var keySeed = "my very very secure key seed. You should use PCLCrypt strong random generator";

	var user = new SampleUser()
	{
		Name = "Has AlTaiar", 
		Password = "very secure password :)", 
		Id = Guid.NewGuid().ToString()
	};

	var inserted = database.SecureInsert<SampleUser>(user, keySeed);
		
	// you could use any desktop to inspect the database and you will find the Password column encrypted (and converted base64)

	var userFromDb = database.SecureGet<SampleUser>(user.Id, keySeed);

And that’s all 🙂 Assuming that you have installed the Nuget Package.

SQLite.Net.Cipher
SQLite.Net.Cipher

Dependencies

Please note that this library relies on the following great projects:
SQLite.Net-PCL
PCLCrypto

Both of these projects are really great and they support all major platforms, including builds for PCL libraries, so I would highly encourage your to look into them if you have not seen them before.

You could find the library on Nuget here, and the source code is on GitHub here, feel free to fork, change, and do whatever you like 🙂 I hope you find the library useful and I would love to hear any comments, questions, or feedback.

6 Replies to “SQLite.Net.Cipher: Secure your data on all mobile platforms seamlessly and effortlessly”

  1. Hi, i am using your extension and everything seems to be working perfect with only one big issue. Objects get encrypted in memory after they are dump in database. Fix?

  2. Great extension 🙂 I’m using it in a project, and for some reason I’m unable to access the SecureGet()/SecureInsert() methods from within my derived class, even though I can access them when I instantiate the derived class. Why is this, and how can I get around it?

    1. Ack, sorry, it turned out all I had to do was cast `this` to ISecureDatabase 🙂 Perhaps the methods in SecureDatabase.cs should be public?

Leave a Reply

Your email address will not be published. Required fields are marked *