I have a Monotouch app which uses a sqlite database. I want to encrypt the database so I am doing this:

_mainConnection = new SqliteConnection("Uri="+finalDB);
_mainConnection.Open();
_mainConnection.ChangePassword("mypassword");

However, its not working (on simulator and iphone). It gets this error:

at (wrapper managed-to-native) Mono.Data.Sqlite.UnsafeNativeMethods.sqlite3_rekey (intptr,byte[],int) <0x0005c> at (wrapper managed-to-native) Mono.Data.Sqlite.UnsafeNativeMethods.sqlite3_rekey (intptr,byte[],int) <0x0005c> at Mono.Data.Sqlite.SQLite3.ChangePassword (byte[]) <0x00053> at Mono.Data.Sqlite.SqliteConnection.ChangePassword (byte[]) <0x0004b> at Mono.Data.Sqlite.SqliteConnection.ChangePassword (string) <0x0005b>

Has anyone successfully used password protection on an sqlite database in Monotouch?

As per my research there are a few options for database encryption using MonoTouch. I have a forthcoming blog post on the subject, but for now these are your top two options:

SQLCipher

I've automated the SQLCipher build process substantially. All it takes is a simple make command and you've got a library that you can link into your project. It makes use of the awesome SQLite-NET library. After that, all that's required is to provide the key in the SQLite.cs file.

• SQLCipherNet: https://github.com/anujb/SQLCipherNet

CSharp-SQLite

This is a managed port of the SQLite library in C#. Performance is only about ~2x slower, which is pretty awesome considering it's not native code!

• Encryption: http://code.google.com/p/csharp-sqlite/wiki/ENCRYPTION
• Perf Benchmarks: http://code.google.com/p/csharp-sqlite/wiki/Benchmarks

Try adding ";Password=mypassword" to your connection string, and remove the call to ChangePassword.

Please note that, by default, the iPhone implementation of sqlite does not support encryption, so the sqlite commands for that will be no-ops.

You can get a (paid) copy of the encrypt-able version of sqlite from http://www.hwaci.com/sw/sqlite/see.html, and compile it into your application, making sure to remove the libsqlite3*.dylib from your project if you've linked that in.

You may have to do a bit of digging in the Monotouch documentation and/or experimentation to make sure that the Monotouch library itself is not including the default sqlite implementation, but in fact links to the implementation you specify. Try it first, if things still don't work that's where I'd start looking.

You can do this experiment without paying for the encrypted version, simply using the sqlite3 source code available on the net, with appropriate break points.

Good luck!

PS: Note that there is no comparable solution for Android at this point, this works on iPhone because iPhone runs native C code.

PPS: There is also SQLCipher that claims to encrypt sqlite on iPhone. However I found the configuration requirements to be below my standards for simplicity. I'm also not sure if it will properly insert itself between Monotouch's framework code and the default iPhone sqlite implementation.

SQLCipher for MonoTouch provides full database encryption for SQLite databases.

http://sqlcipher.net/sqlcipher-for-monotouch

There is also a SQLCipher on Mono for Android, which allows you to reuse the same code across Mono Touch and MonoDroid applications

http://sqlcipher.net/sqlcipher-for-monodroid

Just thinking out loud but could this be due to sqlite's dynlib that comes with the iPhoneSDK not being threadsafe?

For an alternative you might try looking at WWDC Vid 209 and just lock/encrypt the DB when you're outside the app.

You can probably do it yourself by issuing a "pragma rekey" in a raw SQLite query -- that is, if the SQLite version installed is actually SqlCipher.

I had the same problem but with a windows form application in C#. I could not find the solution so i had to encrypt my data manually when saving it and decrypt it when retrieving.