Welcome to the official BlackBerry Support Community Forums.

Web and WebWorks Development

axg
Contributor
Posts: 10
Registered: ‎04-20-2012
My Device: PlayBook
My Carrier: AT&T
Accepted Solution

SQLite DB encryption

I'd like to know the encryption details for a database created via a WebWorks app. So far, all I have been able to learn from separate comments in the forum is that the SQLite DB in a WebWorks app is encrypted by default. I have tried to open the database and I do see it is encrypted.

Some of the links that point this out:

http://supportforums.blackberry.com/t5/Web-and-WebWorks-Development/Database-problem-in-the-webworks...

http://stackoverflow.com/questions/9738163/blackberry-attach-pre-populated-sqlite-database

http://supportforums.blackberry.com/t5/Web-and-WebWorks-Development/Reading-sqlite-database-created-...

http://supportforums.blackberry.com/t5/Web-and-WebWorks-Development/Can-a-Blackberry-SQLite-database...

http://supportforums.blackberry.com/t5/Web-and-WebWorks-Development/Questions-on-JavaScript-Extensio...

What I'd like to know is the details. Is there a well documented feature spec or link that we can direct our customers to?

BlackBerry Development Advisor
twindsor
Posts: 822
Registered: ‎07-15-2008
My Device: Z10
My Carrier: Bell

Re: SQLite DB encryption

Is this an appropriate link for your customers?

http://docs.blackberry.com/en/developers/deliverables/17952/Protecting_a_SQLite_database_1219777_11....

Tim Windsor
Application Development Advisor II
axg
Contributor
Posts: 10
Registered: ‎04-20-2012
My Device: PlayBook
My Carrier: AT&T

Re: SQLite DB encryption

Thanks for the reply, Tim.

So the security details mentioned in the link you provided, are they applicable for the SQLite db created from a WebWorks app too? I was looking at this link but it has no mention of the db encryption.

BlackBerry Development Advisor
twindsor
Posts: 822
Registered: ‎07-15-2008
My Device: Z10
My Carrier: Bell

Re: SQLite DB encryption

No actually. I missed that in your original post - I was just thinking about SQLite. You would need to create an extension that stored the data using the SQLite api and encryption methods. The standard HTML5 API for Database did not include encryption.

Tim Windsor
Application Development Advisor II
Developer
interfaSys
Posts: 817
Registered: ‎11-19-2009
My Device: Z10, Q10, 9900, 9790, PlayBook,
My Carrier: T-Mobile UK, Three, O2, Orange, Sunrise, Swisscom

Re: SQLite DB encryption

If you want to be on the safe side and rely on your own encryption mechanism, BlackBerry has provided us with an encryption extension
http://supportforums.blackberry.com/t5/Web-and-WebWorks-Development/Congrats-on-the-BB10-WebWorks-Cr...
--
Olivier - interfaSys ltd
Developing for BlackBerry 10 devices using the Sencha Touch framework.
axg
Contributor
Posts: 10
Registered: ‎04-20-2012
My Device: PlayBook
My Carrier: AT&T

Re: SQLite DB encryption

This is a bit confusing. The links I had mentioned above all talk about WebWorks apps, and it has been mentioned in them that the db is encrypted. I am not using any extension for db handling and when I tried to open it, I did see it to be encrypted. Am I missing something here?

@interfaSys,

I have seen that post about the crypto extension but unfortunately it's only for BB10. We are developing for BB OS 6/7/7.1 as well and need to cover their encryption as well.

Developer
interfaSys
Posts: 817
Registered: ‎11-19-2009
My Device: Z10, Q10, 9900, 9790, PlayBook,
My Carrier: T-Mobile UK, Three, O2, Orange, Sunrise, Swisscom

Re: SQLite DB encryption

Oh, I see.

I would also be interested in knowing what the process is and who is responsible for the encryption (OS, WebKit, crypto API?).
--
Olivier - interfaSys ltd
Developing for BlackBerry 10 devices using the Sencha Touch framework.
BlackBerry Development Advisor
twindsor
Posts: 822
Registered: ‎07-15-2008
My Device: Z10
My Carrier: Bell

Re: SQLite DB encryption

Strange, I was certain that I was told the database was not encrypted, but there seem to be lots of people who would know saying it is. I will have to check my sources.

And I don't see it documented anywhere, which is pretty silly. I will see what I can do about that when I know what the real answer is.

Tim Windsor
Application Development Advisor II
BlackBerry Development Advisor
twindsor
Posts: 822
Registered: ‎07-15-2008
My Device: Z10
My Carrier: Bell

Re: SQLite DB encryption

Okay, I've checked with some folks and I've got more information now about what the situation is.

On BBOS:

[JAVA] SQLite databases in a Java app are not encrypted by default, but can be encrypted.

[WebWorks] SQLite databases in a WebWorks app are encrypted by default and there are no APIs to change it or do anything with the encryption.

On PlayBook/BB10:

[WebWorks] Databases are not encrypted by default - as they exist within the application's secure sandbox.

The encryption in the case of BBOS WebWorks is done by WebWorks - which is calling the BlackBerry Java SQLite API to do so. So those docs I sent about SQLite encryption in Java apply to WebWorks.

Tim Windsor
Application Development Advisor II
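
A way to check which of the cases above applies to a database file copied off a device or simulator, as an added example that is not part of the original thread: a plaintext SQLite 3 file always starts with a fixed 16-byte header, so a file that lacks it and has near-random byte entropy is most likely encrypted. The file names, the 7.0 entropy threshold and the random bytes standing in for ciphertext are assumptions made here; the check does not identify BlackBerry's encrypted format specifically.

```python
import math
import os
import sqlite3
import tempfile
from collections import Counter
from pathlib import Path

# Every plaintext SQLite 3 file begins with this 16-byte magic string.
SQLITE_MAGIC = b"SQLite format 3\x00"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 suggest ciphertext or compressed data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def classify_db_file(path, sample_size: int = 4096) -> dict:
    """Classify a file by its SQLite header and the entropy of its first bytes."""
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    entropy = shannon_entropy(head)
    if head.startswith(SQLITE_MAGIC):
        verdict = "plaintext-sqlite"   # readable by any SQLite tool
    elif entropy > 7.0:                # assumed threshold
        verdict = "likely-encrypted"   # heuristic only, not proof of encryption
    else:
        verdict = "unknown-format"
    return {"verdict": verdict, "entropy": round(entropy, 2)}


def demo() -> dict:
    """Run the check on three constructed sample files (hypothetical names)."""
    with tempfile.TemporaryDirectory() as tmp:
        plain, opaque, text = (Path(tmp) / n for n in ("plain.db", "opaque.db", "export.txt"))
        conn = sqlite3.connect(str(plain))
        conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
        conn.commit()
        conn.close()
        opaque.write_bytes(os.urandom(4096))  # random bytes stand in for ciphertext
        text.write_text("id,body\n1,constructed sample row\n" * 50)
        return {p.stem: classify_db_file(p) for p in (plain, opaque, text)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
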
Developer
peardox
Posts: 1,229
Registered: ‎03-20-2011
My Device: Playbook, Z10 LE, Dev Alpha B, 2x Dev Alpha C
My Carrier: 3, Orange, Vodafone

Re: SQLite DB encryption

SQLite - well, it says it on the tin (it's lite).

Both Olivier and Tim provide good advice.

As Tim notes, the filesystem on BB is available but unencrypted. The thing not mentioned is that it's almost impossible to access that data unless you deliberately expose it in some way.

As Olivier notes, you can do on-device encryption; this also is good.

There comes a choice at some point as to your DB of choice.

If your requirements are simple - encrypt a text file (extremely easy).

As you mention SQLite (it's a key-pair solution), it seems unlikely that you need a full 3NF - it sounds like we're talking names and addresses rather than associative requirements (look up Third Normal Form in Wiki).