8

I'm developing a healthcare iOS app. I'd like my users' data to be encrypted so if their iPhone is stolen, the thief won't be able to access their health info. The rightful owner SHOULD be able to access their information (so different than this question).

I'm considering using SQLCipher to encrypt the entire DB, and putting the SQLCipher password in Keychain.

Is this a good technique?

Also, do I understand correctly that--since everything is on the device--a determined hacker will be able to break in no matter what?

Community
  • 1
  • 1
Ford
  • 1,485
  • 3
  • 14
  • 20
  • possible duplicate of [Secure information contained on iPhone SQLite DB](http://stackoverflow.com/questions/3335364/secure-information-contained-on-iphone-sqlite-db) – Brad Larson Dec 06 '10 at 00:14
  • See also [iPhone SQLite Password Field Encryption](http://stackoverflow.com/questions/3017581/iphone-sqlite-password-field-encryption) – Brad Larson Dec 06 '10 at 00:15
  • 1
    well, it's not really a duplicate of that question because the secured data isn't mine (the app developer) it's the user's. I'm not trying to protect my IP from competitors, I'm trying to protect the user's health info from thieves or people snooping on the iphone's backup. – Ford Dec 06 '10 at 04:11
  • If anything it's a duplicate of [How can I encrypt CoreData contents on an iPhone](http://stackoverflow.com/questions/1645007/how-can-i-encrypt-coredata-contents-on-an-iphone), to which you provided a great answer! – Ford Dec 06 '10 at 04:23
  • @ford : https://github.com/sjlombardo/sqlcipher this is not working can you please share how did you manage to encrypt the sqlite file? – Pooja M. Bohora Mar 20 '14 at 11:38

2 Answers2

5

Aim for two-factor encryption: you should encrypt the DB as described, but require the user to enter in a password each time they launch the application. The DB's key would be a hash of the password, salted with a nonce. Store the password salt in the keychain.

A determined hacker could could get to the encrypted SQLite database through filesystem access. If they were able to break the keychain encryption, they would easily be able to crack the database, but by requiring a password (or passphrase) from the user, it helps against that attack.

Jason
  • 28,040
  • 10
  • 64
  • 64
2

I think that your solution make sens. It gives quite good security and keep your app simple to use.

The main thing you are geting with keychain is that the user backups are secured because keychain content isn't backed up with iphone. (But I guess you know that already)

But this is huge security plus as the potential hacker will have to get physical access to the iphone. Moreover if the iphone is blocked by pin it is likely that the only quick way to get the data out is to physically access the flash memory of the device which isn't the easiest thing to do.

To be honest I don't believe that users will use your app if you force them to enter long passwords. And if you let them use any password their like, hackers will be able to break the database encryption using dictionary attack.

Piotr Czapla
  • 25,734
  • 24
  • 99
  • 122