An easy to use extension for SQLite.Net PCL that allows you to seamlessly encrypt/decrypt data when getting data in/out of the database. This library allows you to securely encrypt/decrypt group of your objects' properties simply by decorating these propertiese with one attribute (Secure). The library Works great one all major platforms (iOS, Android, Windows Universal, and .NET 4.0 onwards). There is a dependency on SQLite.Net PCL and PCLCrypto.
More details can be found here
This projected is licensed under the terms of the MIT license. See LICENSE.TXT
To use the library you need to subclass SecureDatabase and add the attribute [Secure] on the properties that you want to secure.
public class MyDatabase : SecureDatabase
{
public MyDatabase(ISQLitePlatform platform, string dbfile): base(platform, dbfile)
{
}
protected override void CreateTables()
{
CreateTable<SampleUser>();
}
}
public class SampleUser : IModel
{
public string Id { get; set; }
public string Name { get; set; }
[Secure] // This property will be encrypted when inserted to the database, and decrypted when read out of the db again.
public string Password { get; set; }
public string Bio { get; set; }
}
var dbFilePath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments), "mysequredb.db3");
var platform = new SQLite.Net.Platform.XamarinIOS.SQLitePlatformIOS();
ISecureDatabase database = new MyDatabase(platform, dbFilePath);
var keySeed = "my very very secure key seed. This can be any string, with any size. You should use PCLCrypt strong random generator for this";
var user = new SampleUser()
{
Name = "Has AlTaiar",
Password = "very secure password :)",
Bio = "Very cool guy :) ",
Id = Guid.NewGuid().ToString()
};
// insert object to the database (it will encrypt all [Secure] properties)
var inserted = database.SecureInsert<SampleUser>(user, keySeed);
var newUser = database.SecureGet<SampleUser>(user.Id, keySeed);
Assert.AreEqual("very secure password :)", newUser.Password); // password will be decrypted seamlessly when acceed from db.
var dbFilePath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments), "mysequredb.db3");
var platform = new SQLite.Net.Platform.XamarinAndroid.SQLitePlatformAndroid();
ISecureDatabase database = new MyDatabase(platform, dbFilePath);
var keySeed = "my very very secure key seed. This can be any string, with any size. You should use PCLCrypt strong random generator for this";
var user = new SampleUser()
{
Name = "Has AlTaiar",
Password = "very secure password :)",
Bio = "Very cool guy :) ",
Id = Guid.NewGuid().ToString()
};
// insert object to the database (it will encrypt all [Secure] properties)
var inserted = database.SecureInsert<SampleUser>(user, keySeed);
var newUser = database.SecureGet<SampleUser>(user.Id, keySeed);
Assert.AreEqual("very secure password :)", newUser.Password); // password will be decrypted seamlessly when acceed from db.
You could use the same code samples above for all other platforms. The only things to change, you database file path and this line:
var dbFilePath = "set-your-db-file-path";
var platform = new SQLite.Net.Platform.WhateverPlatformYouAreUsing.SQLitePlatformX();
ISecureDatabase database = new MyDatabase(platform, dbFilePath);
// the rest of the code samples above works the same way.
To install, simply grab the package from Nuget
> Install-Package SQLite.Net.Cipher
- Use Strong Random generators, like the one provided by PCLCrypto. Avoid using simple-to-guess passwords.
- Avoid storing the encryption key on the device. If you have to do so, use KeyChain.Net to store your key in the device specialised database of keys.
- SQLite.Net.Cipher allows you to have your implementation of CryptoService, which is used for encryption/decryption.
- Your Data models (objects) need to implement IModel.
- The library assumes that your property values are using UTF-8 for encoding.
- The [Secure] property can only be used on properties of type string.
- Limited support to generic methods like Query(), and ExecuteScalar(), use CryptoService along with these methods to construct your own secure sql query.