How to store a SQLite database securely in iphone..?

Question

I have a SQLite database which contains confidential information. So my concern is how do I store it in iPhone so that it is secure and hackers can't get to it. I looked into hardware encryption provided by ipad but could't figure it out how to use that.Any Help is appreciated...

Answer 1

You may look at different approaches for soulution of your problem.

• Encrypt values, stored in CoreData with md5 + salt encryption. You can generate special key, based on user device UUID and some additional "salt" to store data. Be careful, Apple is going to depreciate device personalization values in future. But on the other side, you may recieve special key by user authentification and recieving this key from post request. For encryption you can use built in framework: #import <CommonCrypto/CommonDigest.h>. There are a lot of examples which you can find on the web.

• Encrypt whole sqlite file in documents folder. This can me quite tricky, and and have not faced this approach before.

EDIT: This is code sample which you can use to receive encrypted with md5 data: This is .h file

#import <Foundation/Foundation.h>

@interface NSString (MyExtensions)
- (NSString *) md5;
@end

@interface NSData (MyExtensions)
- (NSString *)md5;
@end

this is .m file:

#import "MyExtensions.h" //here should be your .h file name
#import <CommonCrypto/CommonDigest.h> // Need to import for CC_MD5 access

@implementation NSString (MyExtensions)
- (NSString *) md5
{
    const char *cStr = [self UTF8String];
    unsigned char result[16];
    CC_MD5( cStr, strlen(cStr), result ); // This is the md5 call
    return [NSString stringWithFormat:
            @"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
            result[0], result[1], result[2], result[3], 
            result[4], result[5], result[6], result[7],
            result[8], result[9], result[10], result[11],
            result[12], result[13], result[14], result[15]
            ];  
}
@end

@implementation NSData (MyExtensions)
- (NSString *)md5
{
    unsigned char result[16];
    CC_MD5( self.bytes, self.length, result ); // This is the md5 call
    return [NSString stringWithFormat:
            @"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
            result[0], result[1], result[2], result[3], 
            result[4], result[5], result[6], result[7],
            result[8], result[9], result[10], result[11],
            result[12], result[13], result[14], result[15]
            ];  
}
@end

So if you include this files to any place of your code, you can simply call this function:

NSString *myStringToEncrypt = @"Confidential information";
NSString *myMD5 = [myStringToEncrypt md5];

btw: you should know, that MD5 function is just hash function, which returns you control sum of data. If you want to encrypt, you could look at AES256 encryption method. CommonCrypto also provides it. Approach depends on your goals.

Answer 2

Your can use http://sqlcipher.net/ (SQLLite with AES Encryption) - but this has some serious implications (export restriction stuff and does not integrate with CoreData).

Answer 3

I think you can create a password protected zip file of your database. You can unzip it when you need it.