About SQLite
SQLite is a lightweight, cross-platform, open-source database engine that has the advantage of read-write efficiency, total consumption, latency, and overall simplicity, making it the best solution for mobile platform databases (such as iOS, Android).
However, the free version of SQLite has a fatal disadvantage: encryption is not supported. This results in the data stored in SQLite can be seen by anyone using any text editor. For example, a home purchase iOS client DB cache data is unobstructed:
SQLite encryption method
There are two ways to encrypt a database:
1. Encrypt the content before writing to the database
This method is simple to use, in the storage/out of the library only need to do the corresponding encryption and decryption operations, to a certain extent, to solve the problem of naked exposure to data.
However, this method is not completely encrypted, because the database table structure and other information can be looked at. The search is also a problem when the content that is written to the database is encrypted.
2. Encrypt the database file
The whole database is encrypted, which basically can solve the information security problem of the database. The existing SQLite encryption is basically implemented in this way.
SQLite encryption Tool
There are several SQLite encryption tools available on the online query to the iOS platform:
SQLite encryption Extension (see)
In fact, SQLite has encryption and decryption interface, but the free version is not implemented. SQLite encryption Extension (see) is an encrypted version of SQLite, which provides the following encryption methods:
RC4
AES-128 in OFB mode
AES-128 in CCM mode
AES-256 in OFB mode
The SQLite encryption Extension (see) version is charged.
Sqliteencrypt
Using AES encryption, the principle is to implement the open source free version of SQLite does not implement the encryption-related interface.
The Sqliteencrypt is chargeable.
Sqlitecrypt
Using 256-bit AES Encryption, the principle and sqliteencrypt, like the implementation of SQLite encryption-related interface.
Sqlitecrypt is also a charge.
SQLCipher
The first thing to note is that Sqlcipher is fully open source and the code is hosted on GitHub.
Sqlcipher uses 256-bit AES encryption, because it is based on the free version of SQLite, the main encryption interface and SQLite are the same, but also added some of their own interfaces, see here for details.
Sqlcipher is divided into the fee version and the free version, the difference between the official website is:
Asier to setup, saving many steps in project configuration Pre-built with a modern version of OpenSSL, avoiding another external dependency Much faster for each build cycle because the library doesn ' t need to be built from scratch on each compile (build time can Be-to-95% faster with the static libraries) |
It's easier to integrate, without having to add OpenSSL-dependent libraries, and compiles faster, without any difference in functionality. Just for the above convenience to spend hundreds of U.S. knives, for me and so hard to force Rd is not worth, fortunately there is a free version.
In view of the above SQLite encryption tool, only Sqlciper has a free version, the following would focus on the next sqlciper.
Using Sqlcipher in your project
In the project integration of the free version of the sqlcipher slightly complicated, fortunately, the official website to introduce the way the text is very detailed, the integration process please refer to the official website tutorial.
Initializing a database with Sqlcipher
The following code is from the official website, the role is to use Sqlcipher to create a new encrypted database, or open a database created with Sqlcipher.
NSString *databasepath = [[Nssearchpathfordirectoriesindomains (NSDocumentDirectory, NSUserDomainMask, YES) OBJECTATINDEX:0]
stringByAppendingPathComponent: @"cipher.db"];
Sqlite3 *db;
if (Sqlite3_open ([DatabasePath utf8string], &db) = = SQLITE_OK) {
Const char* key = [@"Bigsecret" utf8string];
Sqlite3_key (DB, Key, strlen (key));
int result = SQLITE3_EXEC (db, (const char*) "SELECT COUNT (*) from sqlite_master;", NULL, NULL, NULL);
if (result = = SQLITE_OK) {
NSLog (@"password is correct, or, the database has been initialized");
} Else {
NSLog (@"Incorrect password! errcode:%d ", result);
}
Sqlite3_close (DB);
}
It should be noted that when using Sqlite3_open to open or create a database, before doing any other operations on the database, you must first use Sqlite3_key to enter the password, otherwise it will cause the database operation failed, reported sqlite error code SQLITE_NOTADB.
Sqlite3_open Open the database successfully, and with Sqlite3_key input password, it can be normal to the database to increase, delete, change, check and other operations.
Using Sqlcipher to encrypt an existing database
Sqlcipher provides the Sqlcipher_export () function, which allows you to easily import a normal database into a sqlcipher encrypted database, in the following ways:
$./sqlcipher plaintext.db
sqlite> ATTACH DATABASE ' encrypted.db ' as encrypted KEY ' TestKey ';
Sqlite> SELECT sqlcipher_export (' encrypted ');
sqlite> DETACH DATABASE encrypted;
Unbind a database password using sqlcipher encryption
The Sqlcipher_export () function can also be decrypted by importing the contents of the Sqlcipher encrypted database into an unencrypted database, with the following methods:
$./sqlcipher encrypted.db
sqlite> PRAGMA key = ' TestKey ';
sqlite> ATTACH DATABASE ' plaintext.db ' as plaintext key ';--empty KEY would disable encryption
Sqlite> SELECT sqlcipher_export (' plaintext ');
sqlite> DETACH DATABASE plaintext;
Overall, Sqlcipher is an easy-to-use, flexible database encryption tool.
In addition, I wrote a Sqlcipherdemo project put on the CSDN, the students need to download their own.
Reference documents
08-sqlite encryption