4

I'm developing an iOS 7 and above app that uses Core Data, and I was given the requirement of encrypting the persisted data. I'm using an SQLite database behind the scenes.

I've been reading about the Data Protection feature in the iOS Technology Overview and the App Programming Guide for iOS, but I'm not sure if it can be used with Core Data to encrypt the SQLite file... can it? How?

If using Data Protection with Core Data is possible, would that meet the requirement of encrypting the stored data? I mean, would it be enough? I've also found that there are some third-party libraries dealing with SQLite data encryption, such as SQLCipher. Should I integrate one of these third-party libraries?

Thanks in advance

AppsDev

2 Answers

6

[...] but I'm not sure if it can be used with Core Data to encrypt the SQLite file... can it?

As mentioned in this answer, you should make sure that the SQLite file itself is encrypted on creation.

Using an NSPersistentStoreFileProtectionKey with the NSFileProtectionComplete option means that the "[...] file is stored in an encrypted format on disk and cannot be read from or written to while the device is locked or booting". Have a look at the documentation on all available options.

As DV_ mentioned above, this only works when the device has a passcode.

If using Data Protection with Core Data is possible, would that meet the requirement of encrypting the stored data?

It depends on the sensitivity of the stored data. "Normally" the hardware encryption provided by Apple is enough for the normal use case.

If no passcode is set or an attacker can unlock the device by gaining physical access, the database file and its content can be accessed once the device is jailbroken.

Tools like SQLCipher help protect against this because you're not depending on the security framework provided by the system. Even when the device is compromised, the database file is encrypted because the en-/decryption is handled by the application itself.

To protect the content of the database file with its individual attributes, you can use Transformable Attributes with an NSValueTransformer (details).

Community
flashfabrixx
0
NSDictionary *attr = @{ NSFileProtectionKey : NSFileProtectionComplete };
NSError *error = nil;
[[NSFileManager defaultManager] setAttributes:attr ofItemAtPath:YOUR_DATABASE_PATH error:&error];

But this will encrypt the database with a key based on the iPhone's 4-digit passcode and the device UID. It will not work for phones without a passcode.

DV_
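
The two approaches from the answers above, combined as an added example (not code from either answer): the store is opened with NSPersistentStoreFileProtectionKey so the file is protected from creation, and a check then confirms the protection class on the store and on the SQLite sidecar files. The helper names `OpenProtectedStore` and `UnprotectedStoreFiles` are hypothetical, `model` and `storeURL` are assumed to be supplied by the app, and ARC is assumed.

```objective-c
#import <CoreData/CoreData.h>

// Hypothetical helper: opens the SQLite store and requests Data Protection
// at creation time, instead of setting the attribute on the file afterwards.
static NSPersistentStoreCoordinator *OpenProtectedStore(NSManagedObjectModel *model,
                                                        NSURL *storeURL,
                                                        NSError **error) {
    NSPersistentStoreCoordinator *psc =
        [[NSPersistentStoreCoordinator alloc] initWithManagedObjectModel:model];
    NSDictionary *options =
        @{ NSPersistentStoreFileProtectionKey : NSFileProtectionComplete };
    if (![psc addPersistentStoreWithType:NSSQLiteStoreType
                           configuration:nil
                                     URL:storeURL
                                 options:options
                                   error:error]) {
        return nil;
    }
    return psc;
}

// Hypothetical check: returns the paths of store files that exist but do not
// report NSFileProtectionComplete. On iOS 7 Core Data uses WAL journaling by
// default, so record data can also sit in the "-wal" and "-shm" files.
// Run this on a physical device; the Simulator does not enforce Data Protection.
static NSArray *UnprotectedStoreFiles(NSURL *storeURL) {
    NSFileManager *fm = [NSFileManager defaultManager];
    NSMutableArray *unprotected = [NSMutableArray array];
    for (NSString *suffix in @[ @"", @"-wal", @"-shm" ]) {
        NSString *path = [storeURL.path stringByAppendingString:suffix];
        if (![fm fileExistsAtPath:path]) {
            continue;
        }
        NSError *err = nil;
        NSDictionary *attrs = [fm attributesOfItemAtPath:path error:&err];
        // A nil attribute (read error or no protection class) is treated as
        // unprotected, so the check fails closed.
        NSString *protection = attrs[NSFileProtectionKey];
        if (![protection isEqualToString:NSFileProtectionComplete]) {
            [unprotected addObject:path];
        }
    }
    return unprotected;
}
```

Call `UnprotectedStoreFiles` after the first save, when the sidecar files exist; a non-empty result means some persisted data is not covered by NSFileProtectionComplete.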