I'm using ormlite for my android-app. But now i have a problem. I have a class user with an attribute password. I want to encrypt/decrypt it. But i haven't found a solution, which works with ormlite. Has anyone an idea? I already found, that encryption is not supported by ormlite, but im searching for an other solution, which works with ormlite.
Is it possible to override den CRUD operations in the Dao? (I'm new to android, sorry if its a stupid question)
Thanks for help
Well you wouldn't specify a cleartext password field to be stored in the DB but only store the encrypted password (or even better only the password hash, see Best way to store password in database).
So you would have something like
class User {
@DatabaseField(canBeNull = false)
private String passwordHash;
public void setPassword(String password) {
this.passwordHash = hashPassword(password);
}
public boolean isPasswordCorrect(String givenPassword) {
return TextUtils.equals(hasPassword(givenPassword), passwordHash);
}
private String hashPassword(String password) {
return AeSimpleSHA1.SHA1(password);
}
}
public class AeSimpleSHA1 {
private static String convertToHex(byte[] data) {
StringBuffer buf = new StringBuffer();
for (int i = 0; i < data.length; i++) {
int halfbyte = (data[i] >>> 4) & 0x0F;
int two_halfs = 0;
do {
if ((0 <= halfbyte) && (halfbyte <= 9))
buf.append((char) ('0' + halfbyte));
else
buf.append((char) ('a' + (halfbyte - 10)));
halfbyte = data[i] & 0x0F;
} while(two_halfs++ < 1);
}
return buf.toString();
}
public static String SHA1(String text)
throws NoSuchAlgorithmException, UnsupportedEncodingException {
MessageDigest md;
md = MessageDigest.getInstance("SHA-1");
byte[] sha1hash = new byte[40];
md.update(text.getBytes("iso-8859-1"), 0, text.length());
sha1hash = md.digest();
return convertToHex(sha1hash);
}
}
SHA1 stuff shamelessly copied from How to SHA1 hash a string in Android?.
