4 Replies Latest reply on Feb 23, 2011 1:59 AM by l33tian

    SQLlite Database Encryption Question

    l33tian Level 1

      hello all, I'm developing Air Application using flex, I need to encrypt the database file. It is said that an encrytion key of exaclty 16 byte is needed...At the Start the user is given the option of either using an existing encryppted sql database or creating a new encrypted one. please how do i make sure a string is converted to a ByteArray with length of exaclty 16 byte....any form of explaination or sample code would help

       

      Thanks

        • 1. Re: SQLlite Database Encryption Question
          injpix Level 3

          as3corelib should be benefical for your request.  It contains a package (com.adobe.air) specifically for AIR which contains cryptographic hash functions.  The EncryptionKeyGenerator.getEncryptionKey() returns, "The generated encryption key, a 16-byte ByteArray object".  The string that you pass into it, can be any length.


          Here is an article on encrypting an AIR database that mentions as3corelib.

          • 2. Re: SQLlite Database Encryption Question
            l33tian Level 1

            WOW! So even if i pass a single character into the method regardless of the length property the byteArray it amounts to, do you mean to say its still gonna return a 16-Byte ByteArray Object..that Would be really cos...i dont wanna go through the pain of writting a logic for it

            • 3. Re: SQLlite Database Encryption Question
              injpix Level 3

              Sorry, the string that you pass to it must be conformed correctly.  If it isn't, it will throw this error message:

              ArgumentError: The password must be a strong password. It must be 8-32 characters long. It must contain at least one uppercase letter, at least one lowercase letter, and at least one number or symbol.

              Currently I am using the method below to generate a password.  I haven't had any issues with it not generating a password that isn't conformed correctly for the getEncryptionKey().  But you can easily edit it, for that it *will* contain "...at least one uppercase letter, at least one lowercase letter, and at least one number or symbol."

               

              public static function generateRandomPassword(strHash:String = 'acbdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#$%^&*',lnHash:Number = 32):String
              {
                   var i:Number = 1;
                   var hash:String = "";
                   var nLenght:Number = strHash.length;
                   while (i <= lnHash)
                   {
                        var num:Number = Math.floor(Math.random()*nLenght)+1;
                        hash += strHash.charAt(num);
                        i++;
                   }
                   return hash;
              }
              

               

              But also keep in mind, that this key will be stored in the ELS directory of the user's machine.  So it is protected by the OS by a certain degree.

              • 4. Re: SQLlite Database Encryption Question
                l33tian Level 1

                Okay...thanks....I have finally nailed it...besides Its better to use a strong password