I’m working on an Android project that utilizes Couchbase-Lite (1.1.0) and the requirements are that all data (the documents themselves and any Couchbase attachments) is encrypted prior to storage.
I had originally envisioned encrypting the entire database file using something like SQLCipher, but I haven’t been able to find a straightforward implementation for that (I know that the Couchbase-Lite implementation for iOS uses this approach, but the Android build is a bit behind), so instead my plan is to encrypt the documents (the JSON representation) and the attachments (the stream) before saving them into Couchbase-Lite database.
My questions: What are the recommendations for this kind of encryption? What methodology / libraries? I assume AES-256, but should I build it myself or utilize a 3rd party library (any suggestions)?
What’s the best way to maintain a passphrase within the device that is more secure than hardcoding it within the app (which is really, really bad)?
Has anyone seen something similar to this (my googling ability has left me high and dry) that could point me to a similar use case?