Encrypting databases with SQLCipher

Encryption adds another level of security to our apps and data. If we have an app that contains sensitive information, such as passwords or confidential data, then encryption can help protect this data.

How to do it...

Adding encryption to our apps is as simple as adding a reference and creating a password or encryption key. Let's take a look at the following steps:

  1. Remove the Mono.Data.Sqlite reference if we are using ADO.NET, or the SQLite.NET component or NuGet package if we are using SQLite.NET.
  2. Add the SQLCipher Android component to the project from the Xamarin Component Store. This can be done by right-clicking on the Components folder under the project. In the dialog that appears, we can search for SQLCipher and install the Android package.
  3. Once the component is installed, we modify our code that opens the database connection to include a password. If we use ADO.NET to access databases, we can first set the password before opening the connection:
    using (var conn = new SqliteConnection(connectionString)) {
      conn.SetPassword("StrongPasswordHere123");
      conn.Open ();
    
      // normal database access
    }
  4. If we use SQLite.NET to access the database, we modify the connection constructor to include the password:
    using (var conn = new SQLiteConnection(
      databasePath, "StrongPasswordHere123")) {
    
      // normal database access
    }

How it works...

SQLCipher provides transparent and secure 256-bit AES encryption of SQLite database files; all that we have to do is to specify a password. Passwords can be either a string or a byte array passed to the connection.

If we use the ADO.NET API, we call the SetPassword() method; if we use the SQLite.NET API, we pass the password in with the constructor. Other than this, there is no extra work for us to do.

Tip

Avoid hardcoding the key within the app, especially in plain text; encrypt or obfuscate the key instead. Then, if the app is compromised, the key will not be easily available.
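
One way to keep the password literal from the steps above out of the app, shown as an added example that is not part of the original recipe: instead of encrypting or obfuscating a stored key, it derives the key at runtime with PBKDF2 from a passphrase the user enters. The EncryptedDb class, the saltPath and passphrase parameters, and the iteration count are hypothetical; the Mono.Data.Sqlcipher namespace and the byte-array SetPassword() overload are assumed from the component described above.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using Mono.Data.Sqlcipher; // assumed namespace of the SQLCipher component

// Hypothetical helper (not from the recipe): opens the encrypted database with
// a key derived at runtime, so no password literal ships inside the app.
public static class EncryptedDb
{
    const int SaltBytes = 16;
    const int KeyBytes = 32;        // 256 bits, matching the AES key size
    const int Iterations = 100000;  // assumed work factor; tune for target devices

    // The salt is not secret; it only has to be random and stable per install.
    static byte[] LoadOrCreateSalt(string saltPath)
    {
        if (File.Exists(saltPath))
        {
            var stored = File.ReadAllBytes(saltPath);
            if (stored.Length != SaltBytes)
                throw new InvalidDataException("Salt file is damaged; the key cannot be re-derived.");
            return stored;
        }
        var salt = new byte[SaltBytes];
        using (var rng = new RNGCryptoServiceProvider())
            rng.GetBytes(salt);
        File.WriteAllBytes(saltPath, salt);
        return salt;
    }

    public static SqliteConnection Open(string connectionString, string saltPath, string passphrase)
    {
        if (string.IsNullOrEmpty(passphrase))
            throw new ArgumentException("A passphrase is required.", "passphrase");
        byte[] key;
        using (var kdf = new Rfc2898DeriveBytes(passphrase, LoadOrCreateSalt(saltPath), Iterations))
            key = kdf.GetBytes(KeyBytes);
        var conn = new SqliteConnection(connectionString);
        try
        {
            conn.SetPassword(key);  // byte-array form of the password
            conn.Open();
            return conn;
        }
        catch { conn.Dispose(); throw; }
        finally { Array.Clear(key, 0, key.Length); }  // wipe our copy of the key
    }
}
```

The caller owns the returned connection and should wrap it in a using block, as in the steps above.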

SQLCipher works with the SQLite engine to transparently encrypt the pages before being written to disk and decrypt them when read back into memory. Due to its small footprint and great performance, it can be used to protect SQLite databases in embedded and mobile environments, such as on Android devices.

SQLCipher includes its own build of SQLite as the native SQLite does not support all the features required to handle transparent database encryption. However, there is very little modification to the actual SQLite implementation and most changes are extensions to support the encryption process.

See also

  • More information on SQLCipher can be found on the Zetetic LLC website: https://www.zetetic.net/sqlcipher
  • The Data access with ADO.NET recipe
  • The Data access with SQLite.NET recipe