Database encryption #165

Open
hdweiss opened this Issue Feb 13, 2012 · 3 comments

Projects

None yet

3 participants

@hdweiss
Collaborator
hdweiss commented Feb 13, 2012

It would be nice if we could encrypt the entire mobileorg database on the device.

@hdweiss hdweiss was assigned Mar 7, 2012
@aperomsik
Contributor

One approach might be to use sqlcipher. Relatively easy to implement; downside is that it adds several MB to application size. Proof of concept (currently based on outdated old base commit) can be seen on my sqlcipher branch. [That is based on a fairly old base commit... I have not pushed the updated version because it doesn't quite work yet.]

@matburt
Owner
matburt commented Nov 29, 2012

Once you have it then submit a PR and we'll take a look at it... keep in
mind that in order to integrate it would probably be good to define some
menu options to control things.

@aperomsik
Contributor

Indeed, I would not want to submit a PR until I worked out a way to make the encryption optional. But just wanted to make sure... would increasing app size from 1.2MB to 8MB (iirc) be a show stopper? If that's a problem we might consider maintaining two separate flavors of the app, one with the sqlcipher support, and one without. It could probably be one code base with two different ant targets. Or we could consider a different approach to encryption that doesn't hook in at such a low level. The main benefit of sqlcipher is that implementation of the proof of concept is as simple as swapping around some includes, modulo the changes related to waiting for the user to type something in the password dialog-- which needs to be done regardless of which encryption technology is used.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment