1# Database Encryption 2 3 4## When to Use 5 6OpenHarmony provides the database encryption capability to effectively protect the data stored in a database. Database encryption allows data to be stored and used in ciphertext, ensuring data confidentiality and integrity. 7 8The encrypted database can be accessed only using an API, and the database file cannot be opened in other ways. Whether a database is encrypted is set when the database is created, and the setting cannot be changed. 9 10Both KV stores and RDB stores support database encryption. 11 12 13## Encrypting a KV Store 14 15When a KV store is created, the **encrypt** parameter in **options** specifies whether to encrypt the KV store. The value **true** means to encrypt the KV store, and the value **false** (default) means the opposite. 16 17For details about the APIs, see [Distributed KV Store](../reference/apis/js-apis-distributedKVStore.md). 18 19 20```js 21import distributedKVStore from '@ohos.data.distributedKVStore'; 22 23let kvManager; 24let context = getContext(this); 25const kvManagerConfig = { 26 context: context, 27 bundleName: 'com.example.datamanagertest', 28} 29try { 30 kvManager = distributedKVStore.createKVManager(kvManagerConfig); 31 console.info('Succeeded in creating KVManager.'); 32} catch (e) { 33 console.error(`Failed to create KVManager. Code:${e.code},message:${e.message}`); 34} 35let kvStore; 36try { 37 const options = { 38 createIfMissing: true, 39 // Whether to encrypt the KV store. 40 encrypt: true, 41 backup: false, 42 autoSync: true, 43 kvStoreType: distributedKVStore.KVStoreType.SINGLE_VERSION, 44 securityLevel: distributedKVStore.SecurityLevel.S2 45 }; 46 kvManager.getKVStore('storeId', options, (err, store) => { 47 if (err) { 48 console.error(`Fail to get KVStore. Code:${err.code},message:${err.message}`); 49 return; 50 } 51 console.info('Succeeded in getting KVStore.'); 52 kvStore = store; 53 }); 54} catch (e) { 55 console.error(`An unexpected error occurred. Code:${e.code},message:${e.message}`); 56} 57``` 58 59 60## Encrypting an RDB Store 61 62When an RDB store is created, the **encrypt** parameter in **options** specifies whether to encrypt the RDB store. The value **true** means to encrypt the RDB store, and the value **false** (default) means the opposite. 63 64For details about the APIs, see [RDB Store](../reference/apis/js-apis-data-relationalStore.md). 65 66 67```js 68import relationalStore from '@ohos.data.relationalStore'; 69 70let store; 71let context = getContext(this); 72const STORE_CONFIG = { 73 name: 'RdbTest.db', 74 securityLevel: relationalStore.SecurityLevel.S1, 75 encrypt: true 76}; 77relationalStore.getRdbStore(context, STORE_CONFIG, (err, rdbStore) => { 78 store = rdbStore; 79 if (err) { 80 console.error(`Failed to get RdbStore. Code:${err.code},message:${err.message}`); 81 return; 82 } 83 console.info(`Succeeded in getting RdbStore.`); 84}) 85``` 86