2

I'm building a secure app that needs to encrypt the Core Data database using AES256 in CBC mode. I've used this encryption via the CCCrypto library in the past.

I've seen this previous question, and the answers there, but didn't find a definitive answer on how to encrypt an entire Core Data SQLite database.

I know there are some ciphering libraries (sqlcipher, etc.), but I still want to understand the best practices for doing this. Does anyone have suggestions as to the best way to achieve this encryption?

the.evangelist

2 Answers

4

The simple answer is to let the OS do the encryption for you. While you can probably encrypt and decrypt the DB at runtime on your own, you run the risk of your application terminating or being terminated in an open state and then the data being unprotected. If you utilize the OS-level encryption then you can avoid this risk.

Nick Harris wrote up an excellent post on this subject last year.

Marcus S. Zarra
0

Is your design pattern for this problem to decrypt the DB at runtime, use it, and then re-encrypt it when the app closes? Or are you looking to encrypt attributes within the objects?

I might choose encrypting attributes. For example, say you had a sensitive object called MyCustomerData which has various attributes like names, phone numbers and credit cards. It could conform to the NSCoding protocol and be made into an NSData object which could then be encrypted with AES. This encrypted NSData can be stored in a CoreData data attribute.

I think a plus here might be that you could have other non-sensitive attributes that are not encoded, and these could benefit from the standard features of CoreData like NSFetchedResultsControllers and NSPredicates.

NWCoder
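An added example, not code from either answer, of the attribute-level approach described in the second answer: a sensitive object is serialized, sealed, and the resulting blob is what would go into a Binary Data attribute. It assumes CryptoKit (iOS 13 / macOS 10.15 or later), swaps in `Codable` for the NSCoding archiving step, and uses AES-256-GCM rather than the CBC mode named in the question so that tampering with the stored blob is detected; `sealAttribute`, `openAttribute`, the struct fields and the context string are hypothetical names.

```swift
import Foundation
import CryptoKit

// Hypothetical sensitive model; Codable stands in for NSCoding archiving.
struct MyCustomerData: Codable, Equatable {
    var name: String
    var phone: String
    var cardNumber: String
}

enum FieldCryptoError: Error { case malformedBlob }

/// Serialize and seal with AES-256-GCM. `context` (assumed here to be the
/// entity and attribute name) is authenticated but not stored, so a blob
/// copied into a different attribute fails to open.
func sealAttribute(_ value: MyCustomerData, key: SymmetricKey, context: Data) throws -> Data {
    let plaintext = try JSONEncoder().encode(value)
    let box = try AES.GCM.seal(plaintext, using: key, authenticating: context)
    // `combined` is nonce || ciphertext || tag; a fresh random nonce is used per call.
    guard let combined = box.combined else { throw FieldCryptoError.malformedBlob }
    return combined
}

/// Verify the tag and context, then decode. Throws if the blob was modified.
func openAttribute(_ blob: Data, key: SymmetricKey, context: Data) throws -> MyCustomerData {
    let box = try AES.GCM.SealedBox(combined: blob)
    let plaintext = try AES.GCM.open(box, using: key, authenticating: context)
    return try JSONDecoder().decode(MyCustomerData.self, from: plaintext)
}

// Constructed demo values. In an app the key would be loaded from the
// Keychain rather than generated on every run.
let key = SymmetricKey(size: .bits256)
let context = Data("MyCustomerData.payload".utf8)
let record = MyCustomerData(name: "Ada Example", phone: "555-0100",
                            cardNumber: "4111111111111111")
do {
    var blob = try sealAttribute(record, key: key, context: context)
    let roundTrip = try openAttribute(blob, key: key, context: context)
    print("round trip ok:", roundTrip == record)

    blob[blob.endIndex - 1] ^= 0x01   // simulate modification of the stored bytes
    let tampered = try? openAttribute(blob, key: key, context: context)
    print("tampered blob rejected:", tampered == nil)
} catch {
    print("crypto error:", error)
}
```

As the second answer notes, attributes left outside the sealed blob remain usable in predicates and fetched results controllers; anything inside it is opaque to Core Data queries.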