Attachments in Encrypted CBL using SQLCipher for Android


I’m developing and Android app with Couchbase Lite and using SQLCipher to encrypt the db. I tried to use Forrest initially, but ran into this issue here -

I read in the docs that attachments are not actually stored in the database - they are stored as individual files in a directory right next to the actual db. Will these files go through the same encryption process that the JSON documents in the actual db go through?

My main reason for wanting to use encryption is to encrypt audio files. Having the JSON encrypted is actually not that important to me, I’m not going to store any sensitive information there. But it is important that the attachments are encrypted.

Thanks much,


Yes, the attachments will also be encrypted the same as the data in the database.

Great, thanks for your help!


Sorry to dig this up… Has anyone gotten this to work with Replication? It’s early days but it appears the length call isn’t supported in our limited tests: (CBL 1.3.X on Xamarin on Android)

System.NotSupportedException: Stream does not support seeking.
at System.Security.Cryptography.CryptoStream.get_Length () [0x0000a] in <3fd174ff54b146228c505f23cf75ce71>:0
at Couchbase.Lite.Replicator.Pusher.UploadMultipartRevision (Couchbase.Lite.Internal.RevisionInternal revision) [0x00000] in /Users/jenkins/jenkins/workspace/couchbase-lite-net-build/1.3.1/Android/couchbase-lite-net/src/Couchbase.Lite.Shared/Revisions/SavedRevision.cs:290
at Couchbase.Lite.Replicator.Pusher.UploadChanges (System.Collections.Generic.IList1[T] changes, System.Collections.Generic.IDictionary2[TKey,TValue] revsDiffResults) [0x00000] in /Users/jenkins/jenkins/workspace/couchbase-lite-net-build/1.3.1/Android/couchbase-lite-net/src/Couchbase.Lite.Shared/Revisions/SavedRevision.cs:60
at Couchbase.Lite.Replicator.Pusher+c__AnonStorey4.<>m__0 (System.Object response, System.Exception e) [0x00076] in /Users/jenkins/jenkins/workspace/couchbase-lite-net-build/1.3.1/Android/couchbase-lite-net/src/Couchbase.Lite.Shared/Store/BlobKey.cs:120
INFO) SYNC (RemoteSession): [9] 2017-5-30 03:47:53.727-04:00 [Couchbase Sync Gateway: Version=1.3.1]: Server Version: [Couchbase Sync Gateway: Version=1.3.1]
ERROR) SYNC (Pusher): [6] 2017-5-30 03:47:53.741-04:00 Unhandled exception in Pusher.ProcessInbox, continuing…:
System.NotSupportedException: Stream does not support seeking.
at System.Security.Cryptography.CryptoStream.get_Le

This was fixed in 1.4 ->

@borrrden hi! does CBL mobile encrypts json data also and store inside the DB as encrypted string/BLOB?

I don’t quite understand your question, and this is an old post anyway, but if you have an encrypted database, all data including blobs (which are stored outside the DB) are encrypted.