Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Anyone successfully used password on sqlite database in Monotouch?

Tags:

I have a Monotouch app which uses a sqlite database. I want to encrypt the database so I am doing this:

_mainConnection = new SqliteConnection("Uri="+finalDB); _mainConnection.Open(); _mainConnection.ChangePassword("mypassword"); 

However, its not working (on simulator and iphone). It gets this error:

at (wrapper managed-to-native) Mono.Data.Sqlite.UnsafeNativeMethods.sqlite3_rekey (intptr,byte[],int) <0x0005c> at (wrapper managed-to-native) Mono.Data.Sqlite.UnsafeNativeMethods.sqlite3_rekey (intptr,byte[],int) <0x0005c> at Mono.Data.Sqlite.SQLite3.ChangePassword (byte[]) <0x00053> at Mono.Data.Sqlite.SqliteConnection.ChangePassword (byte[]) <0x0004b> at Mono.Data.Sqlite.SqliteConnection.ChangePassword (string) <0x0005b>

Has anyone successfully used password protection on an sqlite database in Monotouch?

like image 656
therealtkd Avatar asked Nov 18 '10 19:11

therealtkd


People also ask

Can I put password on SQLite database?

The base SQLite engine doesn't have any password/encryption options. You have to either use the paid SEE option for encryption, or some third party solution.

How does SQLite store passwords?

You will need to take the username and password (the password from a masked text box, preferably with a second box for confirmation) salt it, and create a hash from the password, and then insert the plaintext username and salted hash of the password in to the database.

Can SQLite be encrypted?

SQLite doesn't support encrypting database files by default. Instead, you need to use a modified version of SQLite like SEE, SQLCipher, SQLiteCrypt, or wxSQLite3.

Is SQLite a secure database?

The SQLite Store is a set of database files, which is deployed on the untrusted area. However, data on the SQLite Store are protected with the authenticated encryption scheme, making data tampering and eavesdropping impossible.


2 Answers

As per my research there are a few options for database encryption using MonoTouch. I have a forthcoming blog post on the subject, but for now these are your top two options:

SQLCipher

I've automated the SQLCipher build process substantially. All it takes is a simple make command and you've got a library that you can link into your project. It makes use of the awesome SQLite-NET library. After that, all that's required is to provide the key in the SQLite.cs file.

  • SQLCipherNet: https://github.com/anujb/SQLCipherNet

CSharp-SQLite

This is a managed port of the SQLite library in C#. Performance is only about ~2x slower, which is pretty awesome considering it's not native code!

  • Encryption: http://code.google.com/p/csharp-sqlite/wiki/ENCRYPTION
  • Perf Benchmarks: http://code.google.com/p/csharp-sqlite/wiki/Benchmarks
like image 66
Anuj Avatar answered Sep 20 '22 17:09

Anuj


Try adding ";Password=mypassword" to your connection string, and remove the call to ChangePassword.

Please note that, by default, the iPhone implementation of sqlite does not support encryption, so the sqlite commands for that will be no-ops.

You can get a (paid) copy of the encrypt-able version of sqlite from http://www.hwaci.com/sw/sqlite/see.html, and compile it into your application, making sure to remove the libsqlite3*.dylib from your project if you've linked that in.

You may have to do a bit of digging in the Monotouch documentation and/or experimentation to make sure that the Monotouch library itself is not including the default sqlite implementation, but in fact links to the implementation you specify. Try it first, if things still don't work that's where I'd start looking.

You can do this experiment without paying for the encrypted version, simply using the sqlite3 source code available on the net, with appropriate break points.

Good luck!

PS: Note that there is no comparable solution for Android at this point, this works on iPhone because iPhone runs native C code.

PPS: There is also SQLCipher that claims to encrypt sqlite on iPhone. However I found the configuration requirements to be below my standards for simplicity. I'm also not sure if it will properly insert itself between Monotouch's framework code and the default iPhone sqlite implementation.

like image 30
Brane Avatar answered Sep 18 '22 17:09

Brane