SQLite secure Windows Phone 8.1

Question

I have windows universal app. In this app I use SQLite and I need secure this file. It is saved in the LocalFolder and user has access to him.

I need set access only for my APP or set password for this database or anything else. Please, Do you know about extension that can help me?

Thanks

Answer 1

In Windows Store API you will find some namespaces, which I think you can use for your purpose: Windows.Security.Cryptography, Windows.Security.Cryptography.Core and Windows.Security.Cryptography.DataProtection.

Edited after Maarten Bodewes comment - added randomized initialization vector.

A very simple example of encrypting some data can look like this:

/// <summary>
/// Method encrypting data in source file and saving to target file
/// </summary>
/// <param name="backupKey">secret key</param>
/// <param name="sourceFile">source file with data</param>
/// <param name="targetFile">encrypted file</param>
public static async Task EncryptFile(string backupKey, StorageFile sourceFile, StorageFile targetFile)
{
    SymmetricKeyAlgorithmProvider algorithm = SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithmNames.AesCbcPkcs7);
    IBuffer keymaterial = CryptographicBuffer.ConvertStringToBinary(backupKey, BinaryStringEncoding.Utf8);
    IBuffer initVector = CryptographicBuffer.GenerateRandom(32);
    CryptographicKey key = algorithm.CreateSymmetricKey(keymaterial);           
    IBuffer output = CryptographicEngine.Encrypt(key, await FileIO.ReadBufferAsync(sourceFile), initVector);           
    await Windows.Storage.FileIO.WriteTextAsync(targetFile, CryptographicBuffer.EncodeToBase64String(initVector) + CryptographicBuffer.EncodeToBase64String(output));
}

/// <summary>
/// Method decrypting a file
/// </summary>
/// <param name="backupKey">secret key</param>
/// <param name="encryptedFile">source file with encrypted data</param>
/// <returns>buffer with devrypted data</returns>
public static async Task<IBuffer> DecryptFile(string backupKey, StorageFile encryptedFile)
{
    string entry = await Windows.Storage.FileIO.ReadTextAsync(encryptedFile);
    IBuffer initVector = CryptographicBuffer.DecodeFromBase64String(entry.Substring(0, 44));
    IBuffer input = CryptographicBuffer.DecodeFromBase64String(entry.Substring(44));
    SymmetricKeyAlgorithmProvider algorithm = SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithmNames.AesCbcPkcs7);
    IBuffer keymaterial = CryptographicBuffer.ConvertStringToBinary(backupKey, BinaryStringEncoding.Utf8);
    CryptographicKey key = algorithm.CreateSymmetricKey(keymaterial);
    IBuffer inputDecrypted = CryptographicEngine.Decrypt(key, input, initVector);
    Debug.WriteLine("Encrypted message: {0}", CryptographicBuffer.ConvertBinaryToString(BinaryStringEncoding.Utf8, inputDecrypted));
    return inputDecrypted;
}

I've tested it like this:

private const string mySuperSecretKey = @"s3cr3tsadjfjlksdfj@^&^$)(ojfaapsojowejiwfpkwfvz";
private async void firstBtn_Click(object sender, RoutedEventArgs e)
{
    var sourceFile = await Package.Current.InstalledLocation.GetFileAsync("TestMessage.txt");
    var targetFile = await ApplicationData.Current.LocalFolder.CreateFileAsync("EncryptedMessage.txt", CreationCollisionOption.ReplaceExisting);
    await EncryptFile(mySuperSecretKey, sourceFile, targetFile);            
}

private async void secondBtn_Click(object sender, RoutedEventArgs e)
{
    var sourceFile = await ApplicationData.Current.LocalFolder.GetFileAsync("EncryptedMessage.txt");
    var dataDecrypted = await DecryptFile(mySuperSecretKey, sourceFile);
}

The above code is of course very simple and should be improved, but maybe will help you to start. Also please remember to protect your secret key, it's not so hard to decompile the package.