DatabaseEncryptionProvider

Provides SQLCipher SupportSQLiteOpenHelper.Factory for Room database encryption.

The SQLCipher passphrase is a 256-bit random value generated once and encrypted with an Android Keystore AES-256-GCM key. The wrapped passphrase is persisted in SharedPreferences; the wrapping key never leaves the Keystore / TEE / StrongBox.

For federal/DoD deployments where Android full-disk encryption alone is insufficient.

Requires net.zetetic:sqlcipher-android on the classpath. If the dependency is missing and encryption is enabled, createFactory throws IllegalStateException.