Introducing CWAC-SafeRoom

As part of my work on Android’s Architecture Components, I put together CWAC-SafeRoom. This is bridge code, connecting Room with SQLCipher for Android.

A little-known bit of the Architecture Components is the SupportSQLite... series of interfaces. These represent a wrapper around a SQLite implementation, with an API that is reminiscent of the native SQLiteDatabase and related classes. Room not only has these interfaces but an implementation (Framework...) that delegates to the native Android classes. But, you can provide a SupportSQLiteOpenHelper.Factory to your RoomDatabase.Builder, via openHelperFactory(), and that will cause Room to use some other implementation of the SupportSQLite... bits.

That’s where CWAC-SafeRoom comes in.

So, if you have an EditText named passphraseField, you can initialize an encrypted RoomDatabase via:

SafeHelperFactory factory=SafeHelperFactory.fromUser(passphraseField.getText());

StuffDatabase db=Room.databaseBuilder(ctxt, StuffDatabase.class, DB_NAME)
  .openHelperFactory(factory)
  .build();

Alternatively, you can create a SafeHelperFactory using a constructor that takes a char[] parameter. As part of setting up the database, CWAC-SafeRoom will clear that Editable (from getText() on your EditText) or that char[], so that the passphrase is no longer in cleartext in memory.

CWAC-SafeRoom has been lightly tested — there is a reason for the 0.0.1 version. A fair bit of the SupportSQLite... API cannot be implemented using SQLCipher for Android right now, as the SQLCipher for Android API is based on very old versions of Android, and SupportSQLite... wants a few newer features. So far, Room does not seem to be using those, which is why the partial implementation of SupportSQLite... in CWAC-SafeRoom is holding up as well as it is. Plus, Room itself is still an alpha, and who knows what the future may bring?

(hopefully not zombies)

This library was developed with patent-pending Insta-Deprecation Technology™. Should Google or Zetitec (developers of SQLCipher) offer their own equivalent library, use theirs.

So, while work remains to be done, CWAC-SafeRoom demonstrates the possibility of an encrypted Room implementation.