Android:房间:没有加密和安全措施?
Android: Room: no encryption and security?
我在 Android 上使用 SQLite 上的 OrmLite 和 SQLCipher 来加密数据库。有没有办法加密 Room 数据库?
Room 默认将数据存储在应用程序的内部存储器中,任何根用户都可以访问。
如果您需要一些安全性,您需要像这样使用加密库 cwac-saferoom。
Android 的 SQLCipher 现在直接支持 Room。您可以找到文档 here
因此,@CommonsWare 将不再积极开发 cwac-saferoom,建议使用 SQLCipher 的支持
Android Room DB explicitly doesn't support encryption. A typical
SQLite database in unencrypted. You can use SQLCipher for Android with
Room or other consumers of the androidx.sqlite API to Secure Your Data
stored in sqlite DB. QLCipher has a SupportFactory class in
the net.sqlcipher.database package that can be used to configure Room
to use SQLCipher for Android. See the hexdumps of a standard SQLite db
and one implementing SQLCipher.
~ sjlombardo$ hexdump -C sqlite.db
00000000 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 |SQLite format 3.|
…
000003c0 65 74 32 74 32 03 43 52 45 41 54 45 20 54 41 42 |et2t2.CREATE TAB|
000003d0 4c 45 20 74 32 28 61 2c 62 29 24 01 06 17 11 11 |LE t2(a,b)$…..|
…
000007e0 20 74 68 65 20 73 68 6f 77 15 01 03 01 2f 01 6f | the show…./.o|
000007f0 6e 65 20 66 6f 72 20 74 68 65 20 6d 6f 6e 65 79 |ne for the money|
~ $ sqlite3 sqlcipher.db
sqlite> PRAGMA KEY=’test123′;
sqlite> CREATE TABLE t1(a,b);
sqlite> INSERT INTO t1(a,b) VALUES (‘one for the money’, ‘two for the show’);
sqlite> .quit
~ $ hexdump -C sqlcipher.db
00000000 84 d1 36 18 eb b5 82 90 c4 70 0d ee 43 cb 61 87 |.?6.?..?p.?C?a.|
00000010 91 42 3c cd 55 24 ab c6 c4 1d c6 67 b4 e3 96 bb |.B?..?|
00000bf0 8e 99 ee 28 23 43 ab a4 97 cd 63 42 8a 8e 7c c6 |..?(#C??.?cB..|?|
~ $ sqlite3 sqlcipher.db
sqlite> SELECT * FROM t1;
Error: file is encrypted or is not a database
我在 Android 上使用 SQLite 上的 OrmLite 和 SQLCipher 来加密数据库。有没有办法加密 Room 数据库?
Room 默认将数据存储在应用程序的内部存储器中,任何根用户都可以访问。
如果您需要一些安全性,您需要像这样使用加密库 cwac-saferoom。
Android 的 SQLCipher 现在直接支持 Room。您可以找到文档 here
因此,@CommonsWare 将不再积极开发 cwac-saferoom,建议使用 SQLCipher 的支持
Android Room DB explicitly doesn't support encryption. A typical SQLite database in unencrypted. You can use SQLCipher for Android with Room or other consumers of the androidx.sqlite API to Secure Your Data stored in sqlite DB. QLCipher has a
SupportFactoryclass in thenet.sqlcipher.databasepackage that can be used to configure Room to use SQLCipher for Android. See the hexdumps of a standard SQLite db and one implementing SQLCipher.
~ sjlombardo$ hexdump -C sqlite.db
00000000 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 |SQLite format 3.|
…
000003c0 65 74 32 74 32 03 43 52 45 41 54 45 20 54 41 42 |et2t2.CREATE TAB|
000003d0 4c 45 20 74 32 28 61 2c 62 29 24 01 06 17 11 11 |LE t2(a,b)$…..|
…
000007e0 20 74 68 65 20 73 68 6f 77 15 01 03 01 2f 01 6f | the show…./.o|
000007f0 6e 65 20 66 6f 72 20 74 68 65 20 6d 6f 6e 65 79 |ne for the money|
~ $ sqlite3 sqlcipher.db
sqlite> PRAGMA KEY=’test123′;
sqlite> CREATE TABLE t1(a,b);
sqlite> INSERT INTO t1(a,b) VALUES (‘one for the money’, ‘two for the show’);
sqlite> .quit
~ $ hexdump -C sqlcipher.db
00000000 84 d1 36 18 eb b5 82 90 c4 70 0d ee 43 cb 61 87 |.?6.?..?p.?C?a.|
00000010 91 42 3c cd 55 24 ab c6 c4 1d c6 67 b4 e3 96 bb |.B?..?|
00000bf0 8e 99 ee 28 23 43 ab a4 97 cd 63 42 8a 8e 7c c6 |..?(#C??.?cB..|?|
~ $ sqlite3 sqlcipher.db
sqlite> SELECT * FROM t1;
Error: file is encrypted or is not a database