简体繁体 English

在预填充的SQLite数据库上使用SQLCipher / Encryption

[英]Use SQLCipher/Encryption on a prepopulated SQLite database

原文 2017-10-30 15:33:32 2 1 android/ database/ sqlite/ encryption/ sqlcipher

I've been searching a way to implement SQLCipher on my prepopulated database containing more than a million entries. 我一直在寻找一种在包含100万以上条目的预填充数据库中实现SQLCipher的方法。 Last three months is the time I've fully devoted to my project's database and it's now complete which led me to a problem. 最近三个月是我完全致力于项目数据库的时间，现在它已经完成了，这使我遇到了问题。

My app's database is something that I know will be copied in a week or so and copying database is so easy (just open the apk with WinRAR). 我知道我的应用程序的数据库将在一周左右的时间内被复制，并且复制数据库非常容易（只需使用WinRAR打开apk）。 And in India, No one cares about copyrights so that'll be of no use. 在印度，没有人关心版权，因此这毫无用处。

Basically I want to protect my app's database from copying keeping in mind that app should work offline (that being said no PHP/SQL servers). 基本上，我想保护我的应用程序数据库免受复制，同时要记住该应用程序应脱机工作（也就是说，没有PHP / SQL服务器）。

I've checked GitHub/Google for it and only thing I've found is SQLCipher by Zetetic . 我已经检查了GitHub / Google，发现的只有Zetetic的SQLCipher 。 Very same thing on GitHub - Here . 在GitHub上也是如此- 在这里。

Also, One can import following library now: net.zetetic:android-database-sqlcipher:3.5.2@aar and can use this for securing database but it's something works on databases created by app and not on prepopulated. 另外，一个人现在可以导入以下库： net.zetetic:android-database-sqlcipher:3.5.2@aar并可以使用它来保护数据库，但这在由app创建的数据库上有效，而在预先填充的数据库上却有效。 (lib taken from this answer on SO). （lib取自SO的此答案）。

-> Now, for me the million dollar question is Is there anyway by which I can either password protect or encrypt my database without putting the database on any server? ->现在，对我来说，百万美元的问题是， 是否可以通过密码保护或加密数据库而不将数据库放置在任何服务器上？

PS -> I want to make my app work offline and also, I'm just a student and at least for now, can't afford Zetetic's paid service. PS->我想让我的应用程序脱机工作，而且，我还是一个学生，至少目前还不能负担Zetetic的付费服务。

Edit - I've gone through codes of some google apps storing databases for some help but they are just using .out files (easily openable with Word/Text editor) compressed in .gz files which is not something I should use. 编辑-我已经通过一些Google应用程序的代码来存储数据库，以寻求帮助，但它们只是使用.gz文件中压缩的.out文件（可使用Word / Text编辑器轻松打开），我不应该使用这些文件。

1 个解决方案

implement SQLCipher on my prepopulated database 在预填充的数据库上实现SQLCipher

This is pointless. 这是没有意义的。 Anyone who wants to can grab the encrypted database, grab the encryption key out of your app, and decrypt the database. 任何想要的人都可以获取加密的数据库，从应用程序中获取加密密钥，然后解密数据库。

I want to protect my app's database from copying 我想保护我的应用程序数据库免受复制

Don't put it on the device. 不要将其放在设备上。

keeping in mind that app should work offline 请记住，应用程序应离线运行

Depending on the nature of your app, you might be able to cache bits of data for offline use, for reduced functionality while offline. 根据应用程序的性质，您可能可以缓存数据位以供脱机使用，以减少脱机时的功能。

A simpler solution is to not worry about the fact that the database may be copied. 一个更简单的解决方案是不用担心数据库可能会被复制的事实。 To paraphrase Tim O'Reilly, your problem is not security but obscurity. 用蒂姆·奥赖利的话来解释，您的问题不是安全，而是默默无闻。