在 iOS 上加密 SQLite 数据库文件 [英] Encrypting SQLite database file on iOS
问题描述
我的客户问我是否可以加密他的 iOS SQLite 文件.
我检查了这两个资源:
My client asked me if it is possible to encrypt his iOS SQLite file.
I checked this two resources:
加密&解密 Sqlite 文件(使用核心数据)
http://support.apple.com/kb/HT4175
如果我错了,请纠正我,该文件将被加密,因此没有人能够破解它(尽管我认为坚定的破解者是可能的).
Please correct me if I'm wrong, the file will be encrypted so no one will be able to crack into it (although it will be possible for a determined cracker I think).
Core Data 查询会照常运行,对吗?我的意思是没有性能损失,也没有不同的 API.
Core Data queries will run as usual right? I mean there is no performance penalty neither a different API.
推荐答案
您提供的链接讨论了在整个设备上加密存储;但是,如果目标是用户无法直接打开数据库文件,那么将无济于事,因为唯一可以防止您的数据在设备被盗的情况下被访问.它还依赖于用户进行设置,应用程序无法强制要求设备存储加密.
The links you provided talk about encrypting storage across the whole device; However if the goal is that the user not be able to open the database file directly then will not help you, as the only thing that protects against is your data being accessed in the event the device is stolen. It also relies on the user to set it up, the app cannot mandate that the device storage is encrypted.
基本上,想要加密存储背后的动机是什么?
Basically, what is the motivation behind wanting the storage encrypted?
基于响应链,我认为使用SQLLite的加密变体:
Based on the response chain, I think using the encrypted variant of SQLLite at:
是一个很好的解决方案.这会在数据库内容进入存储之前对其进行加密,这很棒.攻击者可能仍然能够找到您的代码中使用的密钥来解密数据库,但是您可以添加的任何防御层都会有所帮助.我不认为你可以将它与 CoreData 一起使用(因为它是建立在内置的 sqllite 库之上的),但你可能可以将它与像 FMDB 这样的包装器一起使用:
is a good solution. This encrypts database contents before they hit storage, which is great. An attacker still might be able to find the key used in your code to decrypt the database, but any layer of defense you can add will help. I don't think you could use that with CoreData (as it is built atop the built-in sqllite libraries) but you could probably use it with a wrapper like FMDB:
这篇关于在 iOS 上加密 SQLite 数据库文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
