08-sqlite encryption

Source: Internet
Author: User
Tags openssl

About SQLite

SQLite is a lightweight, cross-platform, open-source database engine that has the advantage of read-write efficiency, total consumption, latency, and overall simplicity, making it the best solution for mobile platform databases (such as iOS, Android).

However, the free version of SQLite has a fatal disadvantage: encryption is not supported. This results in the data stored in SQLite can be seen by anyone using any text editor. For example, a home purchase iOS client DB cache data is unobstructed:

SQLite encryption method

There are two ways to encrypt a database:

1. Encrypt the content before writing to the database

This method is simple to use, in the storage/out of the library only need to do the corresponding encryption and decryption operations, to a certain extent, to solve the problem of naked exposure to data.

However, this method is not completely encrypted, because the database table structure and other information can be looked at. The search is also a problem when the content that is written to the database is encrypted.

2. Encrypt the database file

The whole database is encrypted, which basically can solve the information security problem of the database. The existing SQLite encryption is basically implemented in this way.

SQLite encryption Tool

There are several SQLite encryption tools available on the online query to the iOS platform:

SQLite encryption Extension (see)

In fact, SQLite has encryption and decryption interface, but the free version is not implemented. SQLite encryption Extension (see) is an encrypted version of SQLite, which provides the following encryption methods:

    1. RC4

    2. AES-128 in OFB mode

    3. AES-128 in CCM mode

    4. AES-256 in OFB mode

The SQLite encryption Extension (see) version is charged.

Sqliteencrypt

Using AES encryption, the principle is to implement the open source free version of SQLite does not implement the encryption-related interface.

The Sqliteencrypt is chargeable.

Sqlitecrypt

Using 256-bit AES Encryption, the principle and sqliteencrypt, like the implementation of SQLite encryption-related interface.

Sqlitecrypt is also a charge.

SQLCipher

The first thing to note is that Sqlcipher is fully open source and the code is hosted on GitHub.

Sqlcipher uses 256-bit AES encryption, because it is based on the free version of SQLite, the main encryption interface and SQLite are the same, but also added some of their own interfaces, see here for details.

Sqlcipher is divided into the fee version and the free version, the difference between the official website is:

Asier to setup, saving many steps in project configuration

Pre-built with a modern version of OpenSSL, avoiding another external dependency

Much faster for each build cycle because the library doesn ' t need to be built from scratch on each compile (build time can Be-to-95% faster with the static libraries)

It's easier to integrate, without having to add OpenSSL-dependent libraries, and compiles faster, without any difference in functionality. Just for the above convenience to spend hundreds of U.S. knives, for me and so hard to force Rd is not worth, fortunately there is a free version.

In view of the above SQLite encryption tool, only Sqlciper has a free version, the following would focus on the next sqlciper.

Using Sqlcipher in your project

In the project integration of the free version of the sqlcipher slightly complicated, fortunately, the official website to introduce the way the text is very detailed, the integration process please refer to the official website tutorial.

Initializing a database with Sqlcipher

The following code is from the official website, the role is to use Sqlcipher to create a new encrypted database, or open a database created with Sqlcipher.

  1. NSString *databasepath = [[Nssearchpathfordirectoriesindomains (NSDocumentDirectory, NSUserDomainMask, YES) OBJECTATINDEX:0]

  2. stringByAppendingPathComponent: @"cipher.db"];

  3. Sqlite3 *db;

  4. if (Sqlite3_open ([DatabasePath utf8string], &db) = = SQLITE_OK) {

  5. Const char* key = [@"Bigsecret" utf8string];

  6. Sqlite3_key (DB, Key, strlen (key));

  7. int result = SQLITE3_EXEC (db, (const char*) "SELECT COUNT (*) from sqlite_master;", NULL, NULL, NULL);

  8. if (result = = SQLITE_OK) {

  9. NSLog (@"password is correct, or, the database has been initialized");

  10. } Else {

  11. NSLog (@"Incorrect password! errcode:%d ", result);

  12. }

  13. Sqlite3_close (DB);

  14. }

It should be noted that when using Sqlite3_open to open or create a database, before doing any other operations on the database, you must first use Sqlite3_key to enter the password, otherwise it will cause the database operation failed, reported sqlite error code SQLITE_NOTADB.

Sqlite3_open Open the database successfully, and with Sqlite3_key input password, it can be normal to the database to increase, delete, change, check and other operations.

Using Sqlcipher to encrypt an existing database

Sqlcipher provides the Sqlcipher_export () function, which allows you to easily import a normal database into a sqlcipher encrypted database, in the following ways:

    1. $./sqlcipher plaintext.db

    2. sqlite> ATTACH DATABASE ' encrypted.db ' as encrypted KEY ' TestKey ';

    3. Sqlite> SELECT sqlcipher_export (' encrypted ');

    4. sqlite> DETACH DATABASE encrypted;

Unbind a database password using sqlcipher encryption

The Sqlcipher_export () function can also be decrypted by importing the contents of the Sqlcipher encrypted database into an unencrypted database, with the following methods:

    1. $./sqlcipher encrypted.db

    2. sqlite> PRAGMA key = ' TestKey ';

    3. sqlite> ATTACH DATABASE ' plaintext.db ' as plaintext key ';--empty KEY would disable encryption

    4. Sqlite> SELECT sqlcipher_export (' plaintext ');

    5. sqlite> DETACH DATABASE plaintext;

Overall, Sqlcipher is an easy-to-use, flexible database encryption tool.

In addition, I wrote a Sqlcipherdemo project put on the CSDN, the students need to download their own.

Reference documents

08-sqlite encryption

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.