Reputation: 5116
Encrypt or partially encrypt Core Data database?
I was wondering... Is it possible to encrypt parts of or all of an existing Core Data application's database without losing features or relying deeply on third-party dependencies?
We could "roll our own" encryption because these particular fields do not need to be queried (it's metadata or binary data) ... but I don't want to affect the other parts of the database nor break everything that is already working.
We could also encrypt the whole DB. Not sure what is best.
Upvotes: 0
Views: 405
Answers (2)
Reputation: 46718
To add to what @Oleg posted, you can store binary data in a Core Data NSManagedObject. You can then encrypt your string and store it in that binary property.
The performance is poor and the property is not searchable at the store level (you can search once you have fetched since it would be unencrypted in memory) but it is doable.
Upvotes: 1
Reputation: 2802
When you create the persistent store , in the options parameter you can specify the NSPersistentStoreFileProtectionKey with NSFileProtectionComplete value , this will encrypt the database file when the device is locked and passcode is set, that should be good enough for operational data (not passwords and secrets).
Save sensitive data like client secrets and passwords in the keychain , not in the database , database encryption hack is a matter of time.
Upvotes: 1
Related Questions
- How can I get the size of a MySQL database?
- Passing data between view controllers
- How do I rename a MySQL database (change schema name)?
- Import SQL dump into PostgreSQL database
- What are the options for storing hierarchical data in a relational database?
- Core Data: Quickest way to delete all instances of an entity