[guardian-dev] SQLCipher: best practices

Nathan of Guardian nathan at guardianproject.info
Tue Aug 5 14:54:25 EDT 2014



On 08/05/2014 02:30 PM, Cédric Jeanneret wrote:
> I'm considering using SQLCipher in a new app, as it will store location,
> wireless essid and timestamp.
> I've looked at the examples[1], but it seems they are using hard-coded
> password which, obviously, isn't that good…
> 
> How shall I do in order to get some random password? If possible one per
> device, generated at install time or anything like that (well, if that's
> possible, of course ;) ).

Cacheword is our solution for that:
https://github.com/guardianproject/cacheword

CacheWord is an Android library project for passphrase caching and
management. It helps app developers securely generate, store, and access
secrets derived from a user's passphrase.

CacheWord is still under development. Proceed with caution

Broadly speaking this library assists developers with two related problems:

Secrets Management: how the secret key material for your app is
generated, stored, and accessed
Passphrase Caching: store the passphrase in memory to avoid constantly
prompting the user
CacheWord manages key derivation, verification, persistence, passphrase
resetting, and caching secret key material in memory.

Features:

Strong key derivation (PBKDF2)
Secure secret storage (AES-256 GCM)
Persistent notification: informs the user the app data is unlocked
Configurable timeout: after a specified time of inactivity the app locks
itself
Manual clearing: the user can forcibly lock the application
Uses Android's Keystore on 4.x if available - Not Yet Implemented
CacheWord requires at least SDK version 2.2 (API level 8)


More information about the Guardian-dev mailing list