September 24, 2017

Encrypt android sqlite database using SQLCipher Community Edition for Xamarin Android

Brief: Creating secured local database for android using open source SQLCipher Community Edition.


Refer my previous post for how to fetch sqlite database file from android device using mac machine and windows machine.

Description:
In mobile application development, especially in android we need secure our sensitive local data with some sort of protection approaches. Unlike iOS, android provides access to user for every level of data, api configurations so there will be less security from Android OS level.

Here i have taken SQLCipher Community Edition to encrypt local data from database level.For Xamarin android need to create binding wrapper across the available java sqlcipher .aar file. Xamarin binding is usually used to create .Net compatible dll from the available native libraries(.aar) written in java or objective c. 
For more information on binding project go through the detailed walkthrough in xamarin document https://developer.xamarin.com/guides/android/advanced_topics/binding-a-java-library/binding-an-aar/

In Steps:
Step1: Create xamarin android binding project.
Select File->New Solution
From left pane select Android->Library
From right side select Bindings Library.




Step 2: Import sqlcipher .aar (android-database-sqlcipher-3.3.1-2.aar) file to jars folder as shown below. Right click on jars folder select Add->Add files [browse .aar file from: https://github.com/suchithm/XamarinAndroidSqliteCipher]


Step 3: Point the project to release mode and do build. On successful build it creates SQLCipher.dll in bin->release folder.



Step 4: Consume SQLCipher.dll in xamarin android project From solution explorer,Right click on References->Edit references->Select .Net Assembly tab and Browse .dll, add to project.


Step 5: Now encrypted database setup in ready in our xamarin android project. It is available from the namespace Net.Sqlcipher.Database. Initialize sqlcipher database in activity onCreate method. Here for SQLiteDatabase.OpenOrCreateDatabase() method need to pass paasword to encrypt db.

  private void InitializeSQLCipher()
    {
        SQLiteDatabase.LoadLibs(this);
        Java.IO.File databaseFile = GetDatabasePath("demoEncrypted.db");
        databaseFile.Mkdirs();
        databaseFile.Delete();
        SQLiteDatabase database = SQLiteDatabase.OpenOrCreateDatabase(databaseFile, "Pass1234", null); 
        database.ExecSQL("create table tblProject(ProjectCode, ProjectName)");
        database.ExecSQL("insert into tblProject(ProjectCode, ProjectName) values(?, ?)", (new Java.Lang.Object[]{"001", 
        "Survey"})); 
    } 

Step 6: Fetch db file and try to open it from sqlite browser and it will now ask for the password.
video

Reference