IOCipher: Virtual Encrypted Disks

alberti cipher disk IOCipher provides a virtual encrypted disk for Android apps without requiring the device to be rooted. It uses a clone of the standard java.io API for working with files, so developers already know how to use it. Only password handling, and opening the virtual disk are what stand between the developer and working encrypted file storage. It is based on and SQLCipher.

IOCipher is a cousin to SQLCipher-for-Android since it is also based on SQLCipher and uses the same approach of repurposing an API that developers already know well. It is built on top of libsqlfs, a filesystem implemented in SQL that exposes a FUSE API.

Features

  • Secure transparent app-level virtual encrypted disk
  • No root required
  • Only three new methods to learn: new VirtualFileSystem(dbFile), VirtualFileSystem.mount(password), and VirtualFileSystem.unmount()
  • Supports Android versions 2.1 and above
  • Licensed under the LGPL v3+

Adding IOCipher to your App

Here are the things you need to do in your code to make it use IOCipher encrypted storage for all of your app’s file storage:

  1. manage the password
  2. connect to your encrypted disk’s file using new VirtualFileSystem(dbFile)
  3. mount it with a password using VirtualFileSystem.mount(password)
  4. replace the relevant java.io import statements with info.guardianproject.iocipher, e.g.:

    import info.guardianproject.iocipher.File;
    import info.guardianproject.iocipher.FileOutputStream;
    import info.guardianproject.iocipher.FileReader;
    import info.guardianproject.iocipher.IOCipherFileChannel;
    import info.guardianproject.iocipher.VirtualFileSystem;
    import java.io.FileNotFoundException;
    import java.io.IOException;
    import java.io.InputStream;
    import java.nio.channels.Channels;
    import java.nio.channels.ReadableByteChannel;

For more detailed examples, see IOCipherExample, IOCipherThreadTest, and IOCipherTests

Downloads

Here you can get the complete IOCipher jar and armeabi library files, ready to drop right into your project (for Intel or MIPS, you need to build from source):

If you are interested in experimenting with the underlying FUSE library, you can download the libsqlfs source tarball:

Source Code Repositories

optional:

Usage notes

  • currently only one VFS open per-app is supported
  • single thread/sequential access is the preferred way of using IOCipher
  • multi-threaded access possible, but potentially unstable under very high load
  • VFS now has beginTransaction and completeTransaction to optimize performance
  • parts of java.io not currently supported: vectored I/O, memory-mapped files

Reporting Bugs

Please report any bugs or issues that you have with this library! We want to hear from you. Help us improve this software by filing bug reports about any problem that you encounter. Feature requests and patches are also welcome!

Known Issues

  • files cannot currently be larger than the available RAM on the device (#553)
  • under very heavy, concurrent writes, the SQLite WAL log can grow very large and without upper limit (#555)
  • key hashing should be strengthened (#492)
  • no users, groups, or permissions implemented
  • crashes possible under extremely heavy, concurrent load (#522)
  • View all open issues

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Important Links

You can always get the latest information on our blog. Also, track our activity on our Project Site; and request features or file bugs on our Issue Tracker.

Free and Free!

All of our software is free/libre and open-source. You can find our app downloads, code repos and issue trackers on Github.

Get Apps

Featuring Recent Posts WordPress Widget development by YD