在iOS上加密SQLite数据库文件 [英] Encrypting SQLite database file on iOS
问题描述
我的客户端询问是否可以加密他的iOS SQLite文件。
我查了这两个资源:
加密&解密Sqlite文件(使用核心数据)
http:// support .apple.com / kb / HT4175
请更正我,如果我错了,该文件将被加密,所以没有人能够破解它(虽然可能会有一个确定的破解者,我认为)。
核心数据查询会照常运行吗?我的意思是,没有一个不同的API性能损失。
您提供的链接谈论在整个设备上加密存储;但是,如果目标是用户无法直接打开数据库文件,那么不会帮助您,因为在设备被盗的情况下,您唯一可以防范的是您的数据被访问。它还依赖于用户设置,应用程序不能强制设备存储被加密。
基本上,要加密存储的动机是什么? / p>
编辑:
基于响应链,我认为使用SQLLite的加密变体在:
是一个很好的解决方案。这会在数据库内容加密后才能进行存储,这是非常好的。攻击者仍然可以找到您的代码中使用的密钥来解密数据库,但是您可以添加的任何防御层将有所帮助。我不认为您可以使用CoreData(因为它是内置的sqllite库),但是您可能会使用像FMDB这样的包装器:
My client asked me if it is possible to encrypt his iOS SQLite file.
I checked this two resources:
Encrypt & Decrypt Sqlite file (Using Core Data)
http://support.apple.com/kb/HT4175
Please correct me if I'm wrong, the file will be encrypted so no one will be able to crack into it (although it will be possible for a determined cracker I think).
Core Data queries will run as usual right? I mean there is no performance penalty neither a different API.
The links you provided talk about encrypting storage across the whole device; However if the goal is that the user not be able to open the database file directly then will not help you, as the only thing that protects against is your data being accessed in the event the device is stolen. It also relies on the user to set it up, the app cannot mandate that the device storage is encrypted.
Basically, what is the motivation behind wanting the storage encrypted?
EDIT:
Based on the response chain, I think using the encrypted variant of SQLLite at:
is a good solution. This encrypts database contents before they hit storage, which is great. An attacker still might be able to find the key used in your code to decrypt the database, but any layer of defense you can add will help. I don't think you could use that with CoreData (as it is built atop the built-in sqllite libraries) but you could probably use it with a wrapper like FMDB:
这篇关于在iOS上加密SQLite数据库文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!