
I'm a newbie in iPhone dev.

I have an app that contains a large amount of secured, important data. After many searches I realized that SQLite is the most appropriate way to put my data (large amount) in, but I found some people talking about breaking the password-protected SQLite files. Should I make my own data structure with a customized search for it, or is there a way to use SQLite securely?

Thanks in advance.

Edit: if I encrypted the data and then decrypt it at runtime I'll lose:

  • searching using SQL
  • performance
vikingosegundo
Badr

3 Answers

Have a look at http://sqlcipher.net/ which uses AES (transparently) to store data in SQLite - it should be strong enough for your use-case.

The rest depends on your situation:

1) is the system offline? You won't be able to do a secure persistent login - users will have to sign in every time an app goes to the foreground in order to access the data.

2) is your system online? Persistent login may be possible since the server-side authentication component may be deactivated for the user/device when the device is lost. Just prompt the server for the unlock token after user enters the password and use this token to unlock the database (specific implementation is up to you, I would go with the explicit device-server pairing with public/private keys)...

One particular situation to keep in mind is a password change. It can be dealt with using data re-import into a new encrypted database. Gist:

You need to ask the user to enter the old password in order to unlock the current database for reading, then for the new password to create the new one, and then import the old data into the new database. And when the process is finished, simply delete the old database...

Hope that helps...

joshis
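
The password-change re-import described in this answer, written as SQLCipher statements (an added example, not part of the original answer; the file name, the passphrases and the `user_version` value are constructed placeholders):

```sql
-- Run on a SQLCipher connection opened on the current (old) database file.
-- 'old-passphrase', 'new-passphrase' and 'app-new.db' are placeholders.

-- 1. Unlock the current database with the old password.
PRAGMA key = 'old-passphrase';

-- 2. Confirm the key is correct before touching anything else:
--    with a wrong key this first read fails with an error.
SELECT count(*) FROM sqlite_master;

-- 3. Create the new database file, encrypted under the new password.
ATTACH DATABASE 'app-new.db' AS newdb KEY 'new-passphrase';

-- 4. Copy schema and data from the old database into the new one.
SELECT sqlcipher_export('newdb');

-- 5. sqlcipher_export() does not carry over user_version. If the app uses it
--    for schema migrations, read it from the old database first and set the
--    same number on the new one (1 is a placeholder here).
PRAGMA newdb.user_version = 1;

-- 6. Close the new database cleanly.
DETACH DATABASE newdb;
```

Open `app-new.db` with the new passphrase and read from it before deleting the old file, so an interrupted export never leaves the user without a usable database. SQLCipher also provides `PRAGMA rekey` for changing the key of an open database in place.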

As the SQLite database is just a file in your /Documents folder - you could decrypt it when you launch your app, and re-encrypt it when you exit. There are public-key and AES functions already built into the iPhone to do this.

You'd probably want to use a password that the user entered too.

Be sure to do this in an atomic/idempotent fashion so that if the encrypt/decrypt/copy/move/rename process gets interrupted, you don't corrupt the files!

Brad

Have you looked at using Tokyo Cabinet? There might be something you could accomplish through the storage of binary objects. (...just a thought.)

joshpaul
  • Thanks for your reply, but I need searching in the data using SQL, check: http://stackoverflow.com/questions/1226539/tokyo-cabinet-vs-sqlite3-on-iphone – Badr Nov 07 '10 at 07:42