Encryption, SQLite and Android

mmiele
Posts: 55
Joined: Sun Jan 21, 2007 1:25 pm
Location: Naples, Italy

Encryption, SQLite and Android

Post by mmiele » Thu Dec 06, 2012 7:11 pm

Hi,
Does anyone know if there is a way to encrypt data to write into a SQLite DB (or encrypt the whole DB), in LiveCode for Android?

Thanks,
Mario

Bernard
Posts: 351
Joined: Sat Apr 08, 2006 10:14 pm
Location: London, England

Re: Encryption, SQLite and Android

Post by Bernard » Fri Dec 07, 2012 5:02 pm

You can encrypt an entire sqlite database file when your application finishes, and then decrypt it again next time your application starts. While your app is running, the database (and its values) are not encrypted.

You can encrypt individual values/rows in your database, and leave the whole database structure unencrypted (thus nothing to do when your app finishes/starts). But that means you will lose out on the ability to use indexes on the encrypted values, and you cannot do searches/comparisons against the encrypted values and unencrypted values that the user might be interested in. Depending on what you mean by "encryption" (i.e. if obfuscation is enough), then you could just encode the values somehow (e.g. Base64encode), where you would then be able to encode a search term and still make use of indexes and (some) comparison functions.

However, as far as I know, there is no way to have the database structure encrypted, and have the values (really) encrypted and be able to make use of things like indexes and/or comparison functions. At least, not in the way that sqlite is shipped by Runrev.

You could use Valentina instead of sqlite. They do have mechanisms to have a database structure/values encrypted all the time, whilst making this transparent to their indexing/searching.
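The trade-off described in the post above, as an added example (Python with the standard `sqlite3` module; not part of the original thread and not LiveCode code): a Base64-encoded column keeps indexed exact-match lookups, but substring search and sort order break, and the values decode without any key. The table, column and sample names are constructed for illustration.

```python
import base64
import sqlite3

SAMPLE_NAMES = ["Rossi", "Ricci", "Bianchi"]  # constructed sample data

def enc(text):
    """Base64-encode a value: deterministic and reversible, no key involved."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")

def dec(token):
    return base64.b64decode(token).decode("utf-8")

def build_db(names):
    """In-memory table whose indexed column stores only encoded values."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE patients (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("CREATE INDEX idx_name ON patients(name)")
    db.executemany("INSERT INTO patients (name) VALUES (?)",
                   [(enc(n),) for n in names])
    return db

def find_exact(db, term):
    """Equality still works: encode the search term the same way."""
    rows = db.execute("SELECT id FROM patients WHERE name = ?", (enc(term),))
    return [r[0] for r in rows]

def exact_uses_index(db, term):
    """Ask SQLite's planner whether the equality lookup uses idx_name."""
    plan = db.execute(
        "EXPLAIN QUERY PLAN SELECT id FROM patients WHERE name = ?",
        (enc(term),)).fetchall()
    return any("idx_name" in row[-1] for row in plan)

def find_substring(db, fragment):
    """Substring search: the encoded fragment is not a substring of the
    encoded value unless it happens to sit on a 3-byte boundary."""
    rows = db.execute("SELECT id FROM patients WHERE name LIKE ?",
                      ("%" + enc(fragment) + "%",))
    return [r[0] for r in rows]

def stored_order(db):
    """ORDER BY sorts the encoded text, not the plaintext."""
    rows = db.execute("SELECT name FROM patients ORDER BY name")
    return [dec(r[0]) for r in rows]

def read_without_key(db):
    """Anyone holding the file can decode every value: obfuscation only."""
    return sorted(dec(r[0]) for r in db.execute("SELECT name FROM patients"))
```
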

mmiele
Posts: 55
Joined: Sun Jan 21, 2007 1:25 pm
Location: Naples, Italy

Re: Encryption, SQLite and Android

Post by mmiele » Fri Dec 07, 2012 5:14 pm

Thanks, Bernard, but the point is: can I do that on LiveCode for Android (and, eventually, how..)?

Bernard
Posts: 351
Joined: Sat Apr 08, 2006 10:14 pm
Location: London, England

Re: Encryption, SQLite and Android

Post by Bernard » Fri Dec 07, 2012 11:32 pm

I'm not sure which of those options meets your requirements. But I forgot, Valentina does not work on Android.

Perhaps if you say more about what you want to do, then others will jump in.

There is a discussion here from last year about sqlite and encryption:
http://forums.runrev.com/viewtopic.php? ... encryption

This comment in that discussion suggests that encrypting a whole database & decrypting it does not work:
http://forums.runrev.com/viewtopic.php?p=48644#p48644

He has a sample stack attached, so you could try it out and see for yourself.

It seems from the discussion that someone has provided an external (for iOS only, I think) that would provide the kind of transparent encryption offered by Valentina. You could contact him and ask him if he has any plans to build/market it for Android. But then later in the discussion it appears that LC 5.5.3 provides native (iOS) encryption.

Do you know what other Android developers are doing about encrypting sqlite data?

mmiele
Posts: 55
Joined: Sun Jan 21, 2007 1:25 pm
Location: Naples, Italy

Re: Encryption, SQLite and Android

Post by mmiele » Sat Dec 08, 2012 3:39 pm

I should write a simple application, for both iOS and Android, which retrieves sensitive data from a local DB.
My customer is afraid about the security of the data in case the user loses his phone.
A field-level encryption (apparently only supported by the mergExt external for iOS), even if handled by my code and not automatic (and therefore independent from the final destination of the data), should be enough.

I'm not aware of the availability of an external SDK for Android (to write the external by myself), is there one into the release path of LC?
And, no, I don't know anything about what other Android developers are doing about encrypting data.

Bernard
Posts: 351
Joined: Sat Apr 08, 2006 10:14 pm
Location: London, England

Re: Encryption, SQLite and Android

Post by Bernard » Sat Dec 08, 2012 8:20 pm

I had a look on StackOverflow, and it seems that there was not an official mechanism for encrypting sqlite databases in the Android java development world until the end of 2011. Recently Google has made a change to the latest versions of Android, where the user can opt to have all data on the device encrypted.

I have seen on the mailing list that Monte (the provider of mergext) has been discussing a new project of his that will be iOS & Android, so it seems that there is an Android external kit on the horizon (I haven't seen any timescale for that though).

As for your problem, it looks like you have few options. You can write your own encryption algorithm in LiveCode (there are a couple of versions of an RC4 encryption/decryption algorithm around, one in Revonline). That is not the best encryption method, and would not keep out a dedicated hacker for long. But it might be sufficient (it was being used by Microsoft Office for a decade or so). But using such a field-by-field encryption method you are going to lose the ability to do sub-string searches or range searches in SQL. It looks as though runrev are not even providing the openssl external for mobile platforms, so you cannot choose any of the stronger encryption alternatives offered by that.

Do you really need to store your data in a sqlite database? If your data can be stored in arrays, you could put your arrays into fields of your stack when the user exits the app, and if you "set the password of this stack" then all the data stored in the fields is encrypted.

Bernard
Posts: 351
Joined: Sat Apr 08, 2006 10:14 pm
Location: London, England

Re: Encryption, SQLite and Android

Post by Bernard » Mon Dec 10, 2012 3:26 pm

There is a blowfish library written in LiveCode that might meet your needs. http://revonline2.runrev.com/stack/389/ ... -libraries

Also, in terms of encrypting the whole database, you could put the database into a custom property of a password protected stack, save the stack, then delete the actual sqlite file. That would mean that when your application is not running, the whole database was encrypted. On application startup, you could extract the database out of the encrypted stack.

mmiele
Posts: 55
Joined: Sun Jan 21, 2007 1:25 pm
Location: Naples, Italy

Re: Encryption, SQLite and Android

Post by mmiele » Mon Dec 10, 2012 3:37 pm

The last one could be a possible solution. I will make some experiments and I will tell you.
Thanks, Bernard
