Data stored in the mobile application DBMS should be encrypted. Encryption is provided by standard SQLite tools using methods of the OpenSSL 1.1.0g library.
To encrypt data, use the openBase method of the mobile platform library kernel, passing the encryption key to it. After this operation, data loaded from the server is encrypted once and written to the DBMS.
NOTE. The encryption and decryption keys are kept only in the application's operating memory, which prevents access to the data by connecting directly to the file system.
The key should be derived from both the mobile user's login and password. The data encryption mechanism in the mobile device database is as follows:
1. The mobile application accepts the login and password entered by the user and combines them into a single-string parameter.
2. The SHA-256 hash function is applied to this parameter. The result is used as the encryption key for the SQLite DBMS.
3. When writing to the DBMS, the resulting key is passed to the openBase method. The AES-256-CBC block cipher mode is used for encryption.
4. To decrypt data, the user enters the login and password from which the key is built; the key is recomputed as described in the first two items.
To enhance the algorithm's cryptographic strength, add an additional key, a salt. The data encryption mechanism in the mobile application database then becomes the following:
1. The mobile application accepts the login and password entered by the user and combines them into a single-string parameter.
2. The SHA-256 hash function is applied to this parameter.
3. An additional key, a 20-character string, is generated. This key may be defined at the application level.
4. The generated additional key is appended to the string containing the calculated hash result.
5. The SHA-256 hash function is applied again to the resulting string. The result is used as the encryption key for the SQLite DBMS.
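The following added example (not code from the mobile platform library) implements both key derivation procedures above, the plain SHA-256 variant and the salted variant, and produces the 32-byte key that AES-256 expects. It assumes a ":" separator when login and password are joined, that the inner hash is carried as its hexadecimal text before the 20-character salt is appended, and uses constructed sample credentials; the page does not fix these details.

```python
import hashlib

# Assumed separator between login and password; the page only says the two
# are combined into a "single-string parameter".
SEPARATOR = ":"
SALT_LENGTH = 20  # the page specifies a 20-character additional key


def join_credentials(login: str, password: str) -> str:
    """Step 1: build the single-string parameter (assumed format)."""
    return f"{login}{SEPARATOR}{password}"


def derive_key(login: str, password: str) -> bytes:
    """Unsalted variant: key = SHA-256(login + password), 32 bytes for AES-256."""
    param = join_credentials(login, password).encode("utf-8")
    return hashlib.sha256(param).digest()


def check_salt(salt: str) -> bool:
    """True when the additional key has the required 20-character length."""
    return len(salt) == SALT_LENGTH


def derive_key_with_salt(login: str, password: str, salt: str) -> bytes:
    """Salted variant: key = SHA-256(hex(SHA-256(login + password)) + salt).
    The inner digest is appended as hex text (assumption) before rehashing."""
    if not check_salt(salt):
        raise ValueError(f"salt must be exactly {SALT_LENGTH} characters")
    param = join_credentials(login, password).encode("utf-8")
    inner_hex = hashlib.sha256(param).hexdigest()
    return hashlib.sha256((inner_hex + salt).encode("utf-8")).digest()


if __name__ == "__main__":
    # Constructed sample values, not real credentials or an application key.
    login, password = "user01", "Sup3rSecret"
    salt = "aQ7xLm2pZ9kR4vB8nT1w"  # 20 characters
    print("unsalted key:", derive_key(login, password).hex())
    print("salted key  :", derive_key_with_salt(login, password, salt).hex())
```

Both variants yield a 32-byte key suitable for the openBase call; the salted variant only adds strength if the salt is stored outside the database it protects.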