How to use SQLCipher in Ionic project

rajkhowa · November 20, 2017, 11:07am

I have implemented a project using Ionic2 and SQLite. Now I want to use SQLCipher for encrypting data. But after installing plugin cordova-sqlcipher-adapter, i am not able to use it. As per documentation, i need to use it like this:

document.addEventListener(‘deviceready’, function() {
db = window.sqlitePlugin.openDatabase({name:
‘demo.db’, key: ‘your-password-here’, location: ‘default’});
});

But during build, i get the error “property sqliteplugin does not exist on type window”.

Please guide in this regard as i am not able to find online tutorial on SQLCipher.

Regards,

iwantwin · November 20, 2017, 1:35pm

Have you tried this?

document.addEventListener(‘deviceready’, function() {
db = <any>window.sqlitePlugin.openDatabase({name:
‘demo.db’, key: ‘your-password-here’, location: ‘default’});
});

This basically tells the typescript compiler to shut up and execute It’s now assuming window is of type any instead of type Window (functionality of window is untouched though!)

rajkhowa · November 20, 2017, 5:12pm

I have tried it but the same error comes up. Btw, do I have to import any module for sqlcipher ? I had imported

import { SQLite, SQLiteObject } from '@ionic-native/sqlite';

for sqlite implementation.For SQLCipher, I have installed Cordova-sqlcipher-adapter.

rajkhowa · November 21, 2017, 3:48pm

I am puzzled. Is it so difficult to use SQLCipher with Ionic2? Why is there so little material available on SQLCipher? Or there are other alternatives available? Please answer as I am not able to make progress.

iwantwin · November 24, 2017, 11:20am

Can you show some code perhaps? I’m happy to help out but I’m currently unsure what you are not doing as you are supposed to do

rajkhowa · November 25, 2017, 12:55pm

Thanks for your reply. I have shown the code in my first post. The error is “property sqliteplugin does not exist on type window”. I have used import as

import { SQLite, SQLiteObject } from ‘@ionic-native/sqlite’;

Installed the plugin cordova-sqlcipher-adapter. Project is working fine with SQLite database.

iwantwin · November 27, 2017, 10:57am

@rajkhowa ooops, I made a mistake in my earlier suggestion!

Please try:

document.addEventListener(‘deviceready’, function() {
db = (<any>window).sqlitePlugin.openDatabase({name:
‘demo.db’, key: ‘your-password-here’, location: ‘default’});
});

Note the brackets I added

rajkhowa · November 28, 2017, 7:01pm

Many many thanks. You are a life-saver . Now the errors have gone. However I am not able to do insert and select from the database.

    var db = null;

	document.addEventListener('deviceready', function() {
	db = (<any>window).sqlitePlugin.openDatabase({name:'datanew.db', key: 'test', location: 'default'});

	db.transaction(function(tx) {

    tx.executeSql('CREATE TABLE IF NOT EXISTS usertbl (id INTEGER PRIMARY KEY AUTOINCREMENT, loginid string, password string)');

    tx.executeSql('INSERT INTO usertbl(loginid, password) VALUES (?,?)', [[this.rndLogin], [this.rndPass]]);    

  }, function(error) {

console.log('Transaction ERROR: ' + error.message);

 }, function() {
console.log('Populated database OK');

 });	
  });

When I try to login and match the input values with those in DB, the login does not go through but no error is shown either. Please guide in this regard.

var db = null;

db = (<any>window).sqlitePlugin.openDatabase({name:'datanew.db', key: 'test', location: 'default'});
db.transaction(function (tx) {        

    tx.executeSql('select * from usertbl',[], function (tx, resultSet) {						
	if ((this.loginid == resultSet.rows.item(0).loginid) && (this.password == resultSet.rows.item(0).password))
		this.navCtrl.setRoot('HomePage');
	else {
		alert("Wrong credential !!");
		this.loginForm.reset();	
	}		
console.log('Record login (expected to be 1): ' + resultSet.rows.item(0).loginid);
},	function (tx, error) {
        console.log('SELECT error: ' + error.message);
    }, function (error) {
    console.log('transaction error: ' + error.message);
}, function () {
    console.log('transaction ok');
});
});

iwantwin · November 30, 2017, 2:10pm

Wondering if you are using android here? Perhaps it could be the problem of opening the same database multiple times? See: http://ericsink.com/entries/multiple_sqlite_problem.html

Perhaps write a provider that opens the db on init, and simply perform crud operations on it via the provider, so you have simply 1 connection open

SigmundFroyd · November 30, 2017, 3:27pm

The issue here is the usage of function.

You pretty much never want to utilize function in an Ionic app, and instead use the fat arrows syntax () =>.

So replace things like
function(tx) with (tx) =>,

And
function() with () =>

etc.

rajkhowa · November 30, 2017, 5:18pm

Thanks both of you. Replacing function with => did the trick. I am curious as to what role the key plays while opening the database. Is it a good practice to store the key in source code? Also as I have read, in SQLCipher all data in the main database file is encrypted. How do I view the encrypted data ?

SigmundFroyd · November 30, 2017, 5:22pm

I don’t have any experience with the plugin in question unfortunately, but storing the key in the source code certainly seems to defeat some of the purpose of encrypting the DB.

I’d imagine that you’d want to store the key on a server potentially, or have the key be specific to the user such as their password. I’m no security or encryption expert, though.

rajkhowa · December 2, 2017, 3:10am

Thank you. @iwantwin please throw some light on the key issue and security aspect of SQLCipher.

iwantwin · December 4, 2017, 1:11pm

Best would be to not store the key in a readible form in the application If someone would get the apk/ipa and decompile it, and read the key, they can access the data. Storing a generated key for a user/device would be better; at least a person with bad intentions wouldn’t be able to decompile every database, but just the one for the user/device. But if you save the key for the user/device, and save it in a way the app can access it, someone with bad intentions can probably still get the key.

I’ve had a server where the user would login with their username/password combo, and the database password would be returned from the server; but you have to make sure that someone with bad intentions is not able to get it by network sniffing.

Best would be to make it a “password” like feature for the user; ask the user to enter their “database password” and thus unlock their app. And never ever save that password anywhere. Worst case a user forgets their password and they lose the data on the sqlite database because you can’t access it anymore.

Ofcourse it depends on the level of protection you’d want

basti · February 13, 2018, 9:37pm

Hi! I just started to switch from SQLite to SQLCipher, but I’m even struggling at the beginning. The code snippets in the docs might be helpful when it’s running, but it won’t on my machine.
You helped me a bit, but I still can’t get it working. I’m not even totally sure where to put the code exactly.
Can you please provide some more code? Or describe where to put what (constructor, function, provider, …)

Thanks!!!