Enabling Database Encryption (sqlcipher)

Since version 1.2.0, Couchbase Lite supports database encryption. For SQLite storage, CBL uses sqlcipher. This post explains how to enable database encryption for Couchbase Lite Android.

What is SQLCipher? From SQLCipher’s home page:

SQLCipher is an open source extension to SQLite that provides transparent 256-bit AES encryption of database files.

Installing SQLCipher module:

SQLCipher is a optional. It is not part of default dependencies of couchbase-lite-android. You needs to add SQLCipher as a dependency in the application level build.gradle file.

dependencies {
    compile 'com.couchbase.lite:couchbase-lite-android:1.2.1'
    compile 'com.couchbase.lite:couchbase-lite-android-sqlcipher:1.2.1'
}

How to enable SQLCipher:

By opening the database with the database key, CBL autotamtically enables SQLCipher as a database storage. Please specify the database key (password) with using DatabaseOptions.

String KEY_4_DATABASE = "<password>";

DatabaseOptions options = new DatabaseOptions();
options.setCreate(true);
options.setEncryptionKey(KEY_4_DATABASE);
Database database = manager.openDatabase(DATABASE_NAME, options);

NOTE:

  1. Internal implementations of SQLite and SQLCipher are little different, but both should behave same. So you don’t need to do anything else to use SQLCipher with Couchbase Lite.
  2. By specifiying database key, attachments are also enctypted by 256-bit AES encryption.

Sample App:

Please refer GrocerySync-Android sqlcipher branch as a sample Android application.

Written on May 8, 2016