1# Database Encryption 2 3 4## When to Use 5 6OpenHarmony provides the database encryption capability to effectively protect the data stored in a database. Database encryption allows data to be stored and used in ciphertext, ensuring data confidentiality and integrity. 7 8The encrypted database can be accessed only using an API, and the database file cannot be opened in other ways. Whether a database is encrypted is set when the database is created, and the setting cannot be changed. 9 10Both KV stores and RDB stores support database encryption. 11 12 13## Encrypting a KV Store 14 15When a KV store is created, the **encrypt** parameter in **options** specifies whether to encrypt it. The value **true** means to encrypt the KV store, and the value **false** (default) means the opposite. 16 17For details about the APIs, see [Distributed KV Store](../reference/apis-arkdata/js-apis-distributedKVStore.md). 18 19 20```ts 21import distributedKVStore from '@ohos.data.distributedKVStore'; 22import { BusinessError } from '@ohos.base'; 23 24let kvManager: distributedKVStore.KVManager | undefined = undefined; 25let kvStore: distributedKVStore.SingleKVStore | undefined = undefined; 26let context = getContext(this); 27const kvManagerConfig: distributedKVStore.KVManagerConfig = { 28 context: context, 29 bundleName: 'com.example.datamanagertest', 30} 31try { 32 kvManager = distributedKVStore.createKVManager(kvManagerConfig); 33 console.info('Succeeded in creating KVManager.'); 34} catch (e) { 35 let error = e as BusinessError; 36 console.error(`Failed to create KVManager. Code:${error.code},message:${error.message}`); 37} 38if (kvManager !== undefined) { 39 kvManager = kvManager as distributedKVStore.KVManager; 40 try { 41 const options: distributedKVStore.Options = { 42 createIfMissing: true, 43 // Whether to encrypt the KV store. 44 encrypt: true, 45 backup: false, 46 autoSync: true, 47 kvStoreType: distributedKVStore.KVStoreType.SINGLE_VERSION, 48 securityLevel: distributedKVStore.SecurityLevel.S2 49 }; 50 kvManager.getKVStore<distributedKVStore.SingleKVStore>('storeId', options, (err, store: distributedKVStore.SingleKVStore) => { 51 if (err) { 52 console.error(`Fail to get KVStore. Code:${err.code},message:${err.message}`); 53 return; 54 } 55 console.info('Succeeded in getting KVStore.'); 56 kvStore = store; 57 }); 58 } catch (e) { 59 let error = e as BusinessError; 60 console.error(`An unexpected error occurred. Code:${error.code},message:${error.message}`); 61 } 62} 63if (kvStore !== undefined) { 64 kvStore = kvStore as distributedKVStore.SingleKVStore; 65 // Perform subsequent operations. 66 //... 67} 68``` 69 70 71## Encrypting an RDB Store 72 73When an RDB store is created, the **encrypt** parameter in **StoreConfig** specifies whether to encrypt it. The value **true** means to encrypt the RDB store, and the value **false** (default) means the opposite. 74 75For details about the APIs, see [RDB Store](../reference/apis-arkdata/js-apis-data-relationalStore.md). 76 77 78```ts 79import relationalStore from '@ohos.data.relationalStore'; 80 81let store: relationalStore.RdbStore; 82let context = getContext(this); 83const STORE_CONFIG: relationalStore.StoreConfig = { 84 name: 'RdbTest.db', 85 securityLevel: relationalStore.SecurityLevel.S1, 86 encrypt: true 87}; 88relationalStore.getRdbStore(context, STORE_CONFIG, (err, rdbStore) => { 89 store = rdbStore; 90 if (err) { 91 console.error(`Failed to get RdbStore. Code:${err.code},message:${err.message}`); 92 return; 93 } 94 console.info('Succeeded in getting RdbStore.'); 95}) 96``` 97