Login/Register
How to encrypt/decrypt my CoreData(sqlite)? Can I use SQLCipher for it?
Asked Answered
Solved iossqlitecore-dataencryptionsqlcipher
E

1

8
  1. What I can do if I want to protect my app's database?
  2. What do I need to know for using SQLCipher?
Effortless answered 29/5, 2016 at 15:27 Comment(0)
E
18

Implementing addition protection for users’ data is a really good idea especially when application have a deal with users’ finance information, secure notes, passwords, e.t.c. By default an data base is not encrypted. Its only form of protection is that it is sandboxed from other applications.

For this purpose you can use one of the following way:

  • Using NSFileProtectionKey
    • This approach helps to to keep the data from being accessible if the user loses the phone.
    • NSDictionary *storeOptions = @{ NSPersistentStoreFileProtectionKey : NSFileProtectionComplete };
    • [coordinator addPersistentStoreWithType:NSSQLiteStoreType configuration:nil URL:[self storeURL] options:storeOptions error:&error])
    • NSFileProtectionComplete - The file is stored in an encrypted format on disk and cannot be read from or written to while the device is locked or booting.
    • If no passcode is set or an attacker can unlock the device by gaining physical access, the database file and it's content can be accessed when the device will be jailbreaked.
    • Useful links
  • Transformable Attributes
    • This option is sufficient for if you need to use multiple encryption keys or encrypt only certain attributes. Details here.
  • SQLCipher
    • If there’s a need to encrypt entire database’s file you can use SQLCipher. It’s an open source extension to SQLite that provides transparent 256-bit AES encryption.
    • you should be warned about few things:
      • Slight drop in performance -- SQLCipher claims about 5-15% overhead in database I/O.
      • Larger application size, if using SQLite -- you have to embed a copy of SQLCipher instead of using the system's built-in SQLite library.
      • There’s can be a situation where you need to get an ERN (Encryption Registration approval from BIS)
    • To install SQLCipher you can read zeletetic’s official tutorial of just use a cocoapod
      • pod 'SQLCipher'
    • To encrypt existing database, you need to use sqlcipher_export(). Example
    • SQLCipher and CoreData
      • CoreData doesn't work directly with SQLCipher, but you can use this project for that purpose
Effortless answered 29/5, 2016 at 15:38 Comment(1)
Great summary - I second using EncryptedCoreData for wrapping SQLCipher for Core Data.Distillate

© 2022 - 2024 — McMap. All rights reserved.