Android 資料庫加密
一 簡介
SQLite是一個輕量的、跨平台的、開源的資料庫引擎,它的讀寫效率、資源消耗總量、延遲時間和整體簡單性上具有的優越性,使其成為移動平台資料庫的最佳解決方案(如Android、iOS)。Android系統內建了SQLite資料庫,並且提供了一整套的API用於對資料庫進行增刪改查操作,具體就不詳細說明了。
然而,Android平台內建的SQLite有一個致命的缺陷:不支援加密。這就導致儲存在SQLite中的資料可以被任何人用任何文字編輯器查看到。如果是普通的資料還好,但是當涉及到一些帳號密碼,或者聊天內容的時候,我們的應用就會面臨嚴重的安全性漏洞隱患。
二 解決方案
1.SQLite加密方式
對資料庫加密的思路有兩種:
將內容加密後再寫入資料庫
這種方式使用簡單,在入庫/出庫只需要將欄位做對應的加解密操作即可,一定程度上解決了將資料赤裸裸暴露的問題。
不過這種方式並不是徹底的加密,因為資料庫的表結構等資訊還是能被查看到。另外寫入資料庫的內容加密後,搜尋也是個問題。
對資料庫檔案加密
將整個資料庫整個檔案加密,這種方式基本上能解決資料庫的資訊安全問題。目前已有的SQLite加密基本都是通過這種方式實現的。
2.SQLite加密工具
今天我們要說的是一款開源的SQLite加密工具 SQLCipher。SQLCipher是完全開源的,其代碼託管在github上。
SQLCipher使用256-bit AES加密,由於其基於免費版的SQLite,主要的加密介面和SQLite是相同的,但也增加了一些自己的介面。事實上SQLite有加解密介面,只是免費版本沒有實現而已。
SQLCipher分為Community Edition 和 Commercial Edition,前者是免費的,關於 SQLCipher Features 可以參看這裡。
關於跨平台支援,官方說明如下:
SQLCipher has broad platform support for with C/C++, Obj-C, QT, Win32/.NET, Java, Python, Ruby, Linux, Mac OS X, iPhone/iOS, Android, Xamarin.iOS, and Xamarin.Android(如iOS、Android)。
同時支援 Android、iOS 兩大平台。3.SQLCipher整合
SQLCipher官方提供了詳細的整合說明文檔,具體參看這裡。
下面通過一個簡單的樣本示範如何快速整合SQLCipher到我們的項目中。
3.1 下載官方二進位檔案包
:https://s3.amazonaws.com/sqlcipher/3.2.0/sqlcipher-for-android-community-v3.2.0.zip
3.2 匯入依賴檔案
將下載的後的壓縮包解壓,解壓後如下所示:
將libs 和 assets目錄下的所有檔案拷貝到我們當前的工程中來,拷貝完成後如下:
3.3 操作資料庫
首先,自訂MySQLiteOpenHelper 繼承自 net.sqlcipher.database.SQLiteOpenHelper類,而不是android.database.sqlite.SQLiteOpenHelper,切記!範例程式碼如下:
package com.ricky.android.sqlitecipher.db;import com.ricky.android.sqlitecipher.util.Logger;import android.content.Context;import net.sqlcipher.database.SQLiteDatabase;import net.sqlcipher.database.SQLiteDatabase.CursorFactory;import net.sqlcipher.database.SQLiteOpenHelper;public class MySQLiteOpenHelper extends SQLiteOpenHelper {private static final String DB_NAME = "test.db";private static final int DB_VERSION = 3;public MySQLiteOpenHelper(Context context){super(context, DB_NAME, null, DB_VERSION);}public MySQLiteOpenHelper(Context context, String name,CursorFactory factory, int version) {super(context, name, factory, version);}@Overridepublic void onCreate(SQLiteDatabase db) {Logger.e("MySQLiteOpenHelper", "onCreate db name="+DB_NAME+" version="+DB_VERSION);db.execSQL("CREATE TABLE student(id INTEGER PRIMARY KEY AUTOINCREMENT, name text, age integer)");}@Overridepublic void onUpgrade(SQLiteDatabase db, int arg1, int arg2) {// TODO Auto-generated method stub}}
然後在我們的DAO類中使用 SQLiteDatabase操作資料庫。注意,此處是net.sqlcipher.database.SQLiteDatabase,而不是android.database.sqlite.SQLiteDatabase,千萬不要引錯包了!
package com.ricky.android.sqlitecipher.dao;import java.util.ArrayList;import java.util.List;import net.sqlcipher.Cursor;import net.sqlcipher.database.SQLiteDatabase;import net.sqlcipher.database.SQLiteOpenHelper;import android.content.ContentValues;import android.content.Context;import com.ricky.android.sqlitecipher.db.SQLiteHelperFactory;import com.ricky.android.sqlitecipher.model.Student;public class StudentDAOImpl implements StudentDAO { private SQLiteOpenHelper sqLiteOpenHelper; private String password = "ricky"; public StudentDAOImpl(Context context){sqLiteOpenHelper = SQLiteHelperFactory.create(context);}@Overridepublic long insert(Student stu) {SQLiteDatabase db = null;try{db = sqLiteOpenHelper.getWritableDatabase(password);ContentValues values = new ContentValues(); values.put("name", "Ricky"); values.put("age", 24); return db.insert("student", null, values);}finally{if(db!=null)db.close();}}@Overridepublic List query() {SQLiteDatabase db = null;Cursor cursor = null;try{db = sqLiteOpenHelper.getWritableDatabase(password); cursor = db.query("student", new String[]{"id","name","age"}, null, null, null, null, null);List list = new ArrayList<>();while(cursor!=null && cursor.moveToNext()){Student stu = new Student();stu.setId(cursor.getInt(0));stu.setName(cursor.getString(1));stu.setAge(cursor.getInt(2));list.add(stu);}return list;}finally{if(cursor!=null){cursor.close();}if(db!=null)db.close();}}}
為了方便管理,我單獨寫了一個 SQLiteHelperFactory類來負責SQLiteOpenHelper的建立,在建立MySQLiteOpenHelper對象之後將調用SQLiteDatabase.loadLibs(context);,代碼如下:
package com.ricky.android.sqlitecipher.db;import com.ricky.android.sqlitecipher.util.Logger;import android.content.Context;import net.sqlcipher.database.SQLiteDatabase;import net.sqlcipher.database.SQLiteOpenHelper;/** * SQLiteOpenHelper 工廠 * @author Ricky * */public class SQLiteHelperFactory {private static final String TAG = SQLiteHelperFactory.class.getSimpleName();private static SQLiteOpenHelper sqLiteOpenHelper;private SQLiteHelperFactory(){}public static SQLiteOpenHelper create(Context context){if(sqLiteOpenHelper==null){synchronized (SQLiteHelperFactory.class) {if(sqLiteOpenHelper==null){Logger.e(TAG, "init SQLiteOpenHelper");sqLiteOpenHelper = new MySQLiteOpenHelper(context.getApplicationContext());Logger.e(TAG, "SQLiteDatabase loadLibs");//必須先調用此方法SQLiteDatabase.loadLibs(context);}}}return sqLiteOpenHelper;}}
最後是 MainActivity類
package com.ricky.android.sqlitecipher;import java.util.List;import com.ricky.android.sqlitecipher.dao.StudentDAO;import com.ricky.android.sqlitecipher.dao.StudentDAOImpl;import com.ricky.android.sqlitecipher.model.Student;import com.ricky.android.sqlitecipher.util.Logger;import android.app.Activity;import android.os.Bundle;import android.view.View;import android.view.View.OnClickListener;import android.widget.Button;public class MainActivity extends Activity implements OnClickListener {private static final String TAG = MainActivity.class.getSimpleName();private Button bt_insert;private Button bt_query;private StudentDAO studentDAO;@Overrideprotected void onCreate(Bundle savedInstanceState) {super.onCreate(savedInstanceState);setContentView(R.layout.activity_main);findViewById();setListener();processLogic();}private void findViewById() {bt_insert = (Button) findViewById(R.id.bt_insert);bt_query = (Button) findViewById(R.id.bt_query);}private void setListener() {bt_insert.setOnClickListener(this);bt_query.setOnClickListener(this);}private void processLogic() {studentDAO = new StudentDAOImpl(this);}@Overridepublic void onClick(View v) {switch (v.getId()) {case R.id.bt_insert:Student stu = new Student();stu.setName("Mike");stu.setAge(24);long id = studentDAO.insert(stu);Logger.i(TAG, "insert id="+id);break;case R.id.bt_query:List list = studentDAO.query();if(list!=null){Logger.i(TAG, "student list size="+list.size());}else{Logger.i(TAG, "student list is empty");}break;default:break;}}}
OK,關於SQLCipher的整合到這裡就大功告成啦,最後另附Demo源碼(見文章末尾),有問題的話可以留言進行交流咯!
Demo:http://download.csdn.net/detail/fx_sky/8165223
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
