I have created a small business application. In my application I have used an SQLite database for storing the data. Here I decided to use an encryption method using the Security framework. I know about SQLite, but I don't know how to implement an SQLite encryption method. Please guide me.
2 Answers
The accepted answer by Shane Powell is incorrect.
Setting NSFileProtectionComplete for NSFileProtectionKey after addPersistentStoreWithType:configuration:URL:options:error: has no effect, i.e., the default setting (NSFileProtectionCompleteUntilFirstUserAuthentication) is applied, which is less secure.
The correct approach is to set NSFileProtectionComplete for NSPersistentStoreFileProtectionKey (note that this key is specific to the persistent store) in a dictionary passed for the options parameter...
    NSDictionary *fileAttributes = @{NSPersistentStoreFileProtectionKey : NSFileProtectionComplete};
    if (![persistentStoreCoordinator addPersistentStoreWithType:NSSQLiteStoreType configuration:nil URL:storeUrl options:fileAttributes error:&error]) {
        ...
I tested this using PhoneView and was able to access the SQLite on a locked device after an initial unlock using the accepted answer's approach, but I could not access the SQLite on a locked device after an initial unlock using the approach I suggested.

I am trying to enable SQLite DB encryption on iOS 9 in Xcode 7 and I am following this approach. However, I can always see the .sqlite along with the .sqlite-wal and .sqlite-shm, and can always browse through the data for some reason. I have put my code here; I'd really appreciate it if you could take a look: http://stackoverflow.com/questions/39151959/nsfileprotectioncomplete-doesnt-encrypt-the-core-data-file – EmbCoder Aug 26 '16 at 13:54
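One way to check the result of the options-based approach from the answer above, as an added example that is not part of either answer. The helper names `RSAddProtectedStore` and `RSReportIsFullyProtected` are hypothetical; the code adds the store with `NSPersistentStoreFileProtectionKey` and reads back the protection class of the .sqlite file and of the .sqlite-wal and .sqlite-shm files mentioned in the comment.

```objective-c
#import <CoreData/CoreData.h>

// Hypothetical helper (not from the answers): adds the SQLite store with
// NSFileProtectionComplete and reports the protection class actually applied
// to the store file and its -wal / -shm sidecar files.
static NSDictionary<NSString *, NSString *> *
RSAddProtectedStore(NSPersistentStoreCoordinator *coordinator,
                    NSURL *storeURL, NSError **error) {
    // The protection class is requested through the store options.
    NSDictionary *options = @{NSPersistentStoreFileProtectionKey : NSFileProtectionComplete};
    if (![coordinator addPersistentStoreWithType:NSSQLiteStoreType
                                   configuration:nil
                                             URL:storeURL
                                         options:options
                                           error:error]) {
        return nil;
    }

    NSFileManager *fm = [NSFileManager defaultManager];
    NSMutableDictionary *report = [NSMutableDictionary dictionary];
    for (NSString *suffix in @[@"", @"-wal", @"-shm"]) {
        NSString *path = [storeURL.path stringByAppendingString:suffix];
        if (![fm fileExistsAtPath:path]) {
            continue; // sidecar files exist only in WAL journal mode
        }
        // Read the attribute back from the file system instead of trusting the request.
        NSDictionary *attrs = [fm attributesOfItemAtPath:path error:NULL];
        report[path.lastPathComponent] = attrs[NSFileProtectionKey] ?: @"(none reported)";
    }
    return report;
}

// Returns YES only if every file in the report carries NSFileProtectionComplete.
static BOOL RSReportIsFullyProtected(NSDictionary<NSString *, NSString *> *report) {
    if (report.count == 0) {
        return NO;
    }
    for (NSString *name in report) {
        if (![report[name] isEqualToString:NSFileProtectionComplete]) {
            NSLog(@"%@ has protection class %@", name, report[name]);
            return NO;
        }
    }
    return YES;
}
```

Run the check on a physical device with a passcode set, since Data Protection classes are only enforced there.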
You use the NSFileProtectionComplete feature (it's only available in iOS 4 and greater).
Here is an example of creating an NSPersistentStoreCoordinator for example.sqlite, which is encrypted if used on iOS 4.
    // Forward declaration so the method below can call the helper.
    BOOL RSRunningOnOS4OrBetter(void);

    - (NSPersistentStoreCoordinator *)persistentStoreCoordinator {
        if (persistentStoreCoordinator != nil) {
            return persistentStoreCoordinator;
        }
        NSString *storePath = [[self applicationDocumentsDirectory] stringByAppendingPathComponent:@"example.sqlite"];
        NSURL *storeUrl = [NSURL fileURLWithPath:storePath];
        NSError *error = nil;
        persistentStoreCoordinator = [[NSPersistentStoreCoordinator alloc] initWithManagedObjectModel:[self managedObjectModel]];
        if (![persistentStoreCoordinator addPersistentStoreWithType:NSSQLiteStoreType configuration:nil URL:storeUrl options:nil error:&error]) {
            // Handle error
        }
        if (RSRunningOnOS4OrBetter()) {
            // Set the protection class on the store file after the store has been added.
            NSDictionary *fileAttributes = [NSDictionary dictionaryWithObject:NSFileProtectionComplete forKey:NSFileProtectionKey];
            if (![[NSFileManager defaultManager] setAttributes:fileAttributes ofItemAtPath:storePath error:&error]) {
                // Handle error
            }
        }
        return persistentStoreCoordinator;
    }

    BOOL RSRunningOnOS4OrBetter(void) {
        static BOOL didCheckIfOnOS4 = NO;
        static BOOL runningOnOS4OrBetter = NO;
        if (!didCheckIfOnOS4) {
            NSString *systemVersion = [UIDevice currentDevice].systemVersion;
            NSInteger majorSystemVersion = 3;
            if (systemVersion != nil && [systemVersion length] > 0) { // Can't imagine it would be empty, but.
                // integerValue parses the leading digits, so "10.3" yields 10 rather than 1.
                majorSystemVersion = [systemVersion integerValue];
            }
            runningOnOS4OrBetter = (majorSystemVersion >= 4);
            didCheckIfOnOS4 = YES;
        }
        return runningOnOS4OrBetter;
    }

The above example will auto encrypt/decrypt for you on disk. You just access the DB as normal in your application using the above code. So you don't have to do anything. The only downside that I can see of the above code is that you can't access the DB when the device is locked, as iOS can't decrypt it while it's locked. So a background application that accesses the DB while in the locked screen can't if they encrypt the DB with NSFileProtectionComplete. – Shane Powell Mar 26 '14 at 18:11