How to store the key used in SQLCipher for android

android sqlite sqlcipher
nibz picture nibz · Feb 24, 2014 · Viewed 7.4k times · Source

I am using SQLCipher for Android. I have done all the necessary things that are needed for loading the libs as mentioned in http://sqlcipher.net/sqlcipher-for-android/

I observed that you set the password i.e the key in :

    SQLiteDatabase database = SQLiteDatabase.openOrCreateDatabase(databaseFile, "test123", null);

Then how is your password safe from a hacker? As it can be accessed from a java file. ?

Is there any correct way where i can store the password ?

Thanks, Nibs

Answer

CommonsWare picture CommonsWare · Feb 24, 2014

Then how is your password safe from a hacker?

It's not. Hard-coding a passphrase makes for simple demonstrations, though.

Is there any correct way where i can store the password ?

The user should supply the passphrase for the user's database via your UI. The user then stores the passphrase in the user's head, or perhaps you combine what's in the user's head with something else for lightweight two-factor authentication (e.g., MAC address of paired Bluetooth wearable).

Related questions

encrypt sqlite database Android:

Hi in my running app i already have an existing sqlite database. And now the problem is anybody can pull the sqlite database from device and can be use it. Now i need to encrypt the sqlite file. I found …

Read More
file is encrypted or is not a database (Exception net.sqlcipher.database.SQLiteException)

I'm trying to use sqlcipher lib to encrypt my database from already existing database but while accessing the old database(i.e opening the db) gives this exception: 02-27 13:12:21.231: E/AndroidRuntime(14687): FATAL EXCEPTION: main 02-27 13:12:21.231: E/AndroidRuntime(14687): java.lang.RuntimeException: …

Read More
SQLite in Android How to update a specific row

I've been trying to update a specific row for a while now, and it seems that there are two ways to do this. From what I've read and tried, you can just use the: execSQL(String sql) method or the: …

Read More