Introducing CWAC-SafeRoom
As part of my work on Android’s Architecture Components, I put together CWAC-SafeRoom. This is bridge code, connecting Room with SQLCipher for Android.
A little-known bit of the Architecture Components is the SupportSQLite... series of interfaces. These represent a wrapper around a SQLite implementation, with an API that is reminiscent of the native SQLiteDatabase and related classes. Room not only has these interfaces but an implementation (Framework...) that delegates to the native Android classes. But, you can provide a SupportSQLiteOpenHelper.Factory to your RoomDatabase.Builder, via openHelperFactory(), and that will cause Room to use some other implementation of the SupportSQLite... bits.
That’s where CWAC-SafeRoom comes in.
So, if you have an EditText named passphraseField, you can initialize an encrypted RoomDatabase via:
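// Wrap the passphrase typed into the EditText; fromUser() takes the Editable
SafeHelperFactory factory=SafeHelperFactory.fromUser(passphraseField.getText());
// Have Room open the database through CWAC-SafeRoom instead of the framework SQLite
StuffDatabase db=Room.databaseBuilder(ctxt, StuffDatabase.class, DB_NAME)
  .openHelperFactory(factory)
  .build();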
Alternatively, you can create a SafeHelperFactory using a constructor that takes a char[] parameter. As part of setting up the database, CWAC-SafeRoom will clear that Editable (from getText() on your EditText) or that char[], so that the passphrase is no longer in cleartext in memory.
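The wiping pattern described above, as an added plain-Java example (not CWAC-SafeRoom's own code and not from the original post): it encodes a char[] passphrase to UTF-8 without ever creating a String, then zeroes every buffer it touched. The class and method names are hypothetical, and the passphrase is a constructed sample.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Hypothetical demo class; illustrates the wipe pattern only.
public class PassphraseWipeDemo {

    // Encodes the passphrase as UTF-8 for a key-consuming API, then zeroes
    // the caller's char[] and the temporary encoder buffer. No String is
    // created, so no immutable copy is left waiting for the garbage collector.
    static byte[] encodeAndWipe(char[] passphrase) {
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(passphrase));
        byte[] key = new byte[encoded.remaining()];
        encoded.get(key);
        if (encoded.hasArray()) {
            // The backing array can be larger than the encoded data; clear all of it.
            Arrays.fill(encoded.array(), (byte) 0);
        }
        Arrays.fill(passphrase, '\0');
        return key;
    }

    static boolean isWiped(char[] chars) {
        for (char c : chars) {
            if (c != 0) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample. In an app the characters come from user input,
        // never from a String (a String cannot be cleared afterwards).
        char[] passphrase = {'s', '3', 'c', 'r', 'e', 't'};
        byte[] key = encodeAndWipe(passphrase);
        try {
            // The key bytes would be handed to the database open call here.
            System.out.println("key length: " + key.length);
            System.out.println("caller's char[] wiped: " + isWiped(passphrase));
        } finally {
            // Clear the derived bytes as soon as the consumer is done with them.
            Arrays.fill(key, (byte) 0);
        }
    }
}
```

Calling getText().toString() on the EditText before building the factory would defeat this, since the resulting String stays in memory unchanged.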
CWAC-SafeRoom has been lightly tested — there is a reason for the 0.0.1 version. A fair bit of the SupportSQLite... API cannot be implemented using SQLCipher for Android right now, as the SQLCipher for Android API is based on very old versions of Android, and SupportSQLite... wants a few newer features. So far, Room does not seem to be using those, which is why the partial implementation of SupportSQLite... in CWAC-SafeRoom is holding up as well as it is. Plus, Room itself is still an alpha, and who knows what the future may bring?
(hopefully not zombies)
This library was developed with patent-pending Insta-Deprecation Technology™. Should Google or Zetetic (developers of SQLCipher) offer their own equivalent library, use theirs.
So, while work remains to be done, CWAC-SafeRoom demonstrates the possibility of an encrypted Room implementation.