A method and device for securely accessing sqlite database files

Abstract

The present invention proposes a secure access method and device for SQLite database files, wherein the method includes: calling a hardware cryptographic module to generate an original encryption key when using SQLite for the first time, and using the provided SM1 algorithm and device master key, Encrypt the original key and store it with the hardware encryption module. When using it later, check whether the hardware encryption module is inserted and verify the PIN code. When writing the SQLite database file, calculate the 16 characters of the first page of the SQLite database file storage structure. To save the salt value, perform the bitwise AND of the generated original key and the salt value, perform three PBKDF2‑HMAC‑SM3 operations to generate the final SQLite database file encryption key, and then call the final database encryption key pair to the The file content of the SQLite database is to be encrypted page by page, and the message check code of the ciphertext of each page of the SQLite database is generated using the HMAC‑SM3 algorithm. Through the check code, the integrity of the SQLite database ciphertext is verified when the encrypted data file is decrypted. verify.

Description

technical field [0001] The invention relates to the field of embedded databases, in particular to a method and device for safely accessing SQLite database files. Background technique [0002] SQLite is an embedded lightweight database, which is widely used in Android and PC applications. It is also a built-in database in browsers such as Android system, Chrome, and Jinshi. It is an in-process library that realizes self-sufficiency, serverless, and zero configuration. , Transactional SQL database engine. It is a zero-configuration database, which means that like other databases, it does not need to be configured in the system. [0003] The original free version of SQLite has a fatal shortcoming: it does not support encryption, so that the data stored in SQLite can be viewed by anyone with any text editor. The paid version of SQLite and open source software that implements encryption through the encryption interface provided by SQLite , realized the encryption database based...

AI Technical Summary

Problems solved by technology

[0003] The original free version of SQLite has a fatal shortcoming: it does not support encryption, so that the data stored in SQLite can be viewed by anyone with any text editor. The paid version of SQLite and open source software that implements encryption through the encryption interface provided by SQLite , realized the encryption database based on the international standard algorithm DES, SHA512, etc., but the algorithm is implemented as pure software, there are certain security risks, the generation and storage of the key is not protected by hardware, the key has a great risk of leakage, through Static analysis, dynamic debugging, or HOOK technology can obtain the key, so charging based on international standard algorithms or open source encrypted database SQLite has great security risks, which may easily cause data leakage or data tampering

Images