SQLite encryption mode [GO]

About SQLite

SQLite is a lightweight, cross-platform, open-source database engine that has the advantage of read-write efficiency, total consumption, latency, and overall simplicity, making it the best solution for mobile platform databases (such as iOS, Android). However, the free version of SQLite has a fatal disadvantage: encryption is not supported. This results in the data stored in SQLite can be seen by anyone using any text editor. SQLite Encryption MethodThere are two ways to encrypt a database: 1. Encrypt the content before writing to the databaseThis method is simple to use, in the storage/out of the library only need to do the corresponding encryption and decryption operations, to a certain extent, to solve the problem of naked exposure to data. However, this method is not completely encrypted, because the database table structure and other information can be looked at. The search is also a problem when the content that is written to the database is encrypted. 2. Encrypt the database fileThe whole database is encrypted, which basically can solve the information security problem of the database. The existing SQLite encryption is basically implemented in this way. SQLite Encryption ToolThere are several SQLite encryption tools available on the online query to the iOS platform: SQLite Encryption Extension (see)In fact, SQLite has encryption and decryption interface, but the free version is not implemented. SQLite encryption Extension (see) is an encrypted version of SQLite, which provides the following encryption methods:

1. RC4
2. AES-128 in OFB mode
3. AES-128 in CCM mode
4. AES-256 in OFB mode

The SQLite encryption Extension (see) version is charged. SqliteencryptUsing AES encryption, the principle is to implement the open source free version of SQLite does not implement the encryption-related interface. The Sqliteencrypt is chargeable. SqlitecryptUsing 256-bit AES Encryption, its principle andSqliteencrypt, it is the implementation of the encryption-related interface of SQLite. Sqlitecrypt is also a charge. SQLCipherThe first thing to note is that Sqlcipher is fully open source and the code is hosted inGithubOn Sqlcipher uses 256-bit AES encryption, because it is based on the free version of SQLite, the main encryption interface and SQLite are the same, but also added some of their own interfaces, see detailshere。 Sqlcipher is divided into the fee version and the free version, the difference between the official website is:

Asier to setup, saving many steps in project configuration pre-built with a modern version of OpenSSL, avoiding a nother external dependency much faster for each build cycle because the library doesn ' t need to is built from scratch on E Ach compile (build time can is up to 95% faster with the static libraries)

It's easier to integrate, without having to add OpenSSL-dependent libraries, and compiles faster, without any difference in functionality. Just for the above convenience to spend hundreds of U.S. knives, for me and so hard to force Rd is not worth, fortunately there is a free version. In view of the above SQLite encryption tool, only Sqlciper has a free version, the following would focus on the next sqlciper. using Sqlcipher in your projectIn the project integration of the free version of the sqlcipher slightly complicated, fortunately, the official website in the form of graphic introduction of very detailed, the integration process please refer toOfficial Tutorials。 initializing a database with SqlcipherThe following code is from the official website, the role is to use Sqlcipher to create a new encrypted database, or open a database created with Sqlcipher.

2. NSString *databasepath = [[Nssearchpathfordirectoriesindomains (NSDocumentDirectory, NSUserDomainMask, YES) OBJECTATINDEX:0]
4. stringByAppendingPathComponent: @"cipher.db"];
6. Sqlite3 *db;
8. if (Sqlite3_open ([DatabasePath utf8string], &db) = = SQLITE_OK) {
10. Const Char* key = [@"Bigsecret" utf8string];
12. Sqlite3_key (DB, Key, strlen (key));
14. int result = sqlite3_exec (db, (const char*) "SELECT COUNT (*) from Sqlite_ master; " , NULL, NULL, NULL);
16. if (Result = = SQLITE_OK) {
18. NSLog (@"password is correct, or, the database has been initialized");
20. } Else {
22. NSLog (@"Incorrect password! errcode:%d ", result);
24. }
28. Sqlite3_close (DB);
30. }

It should be noted that when using Sqlite3_open to open or create a database, before doing any other operations on the database, you must first use Sqlite3_key to enter the password, otherwise it will cause the database operation failed, reported sqlite error code SQLITE_NOTADB. Sqlite3_open Open the database successfully, and with Sqlite3_key input password, it can be normal to the database to increase, delete, change, check and other operations. using Sqlcipher to encrypt an existing databaseSqlcipher provides the Sqlcipher_export () function, which allows you to easily import a normal database into a sqlcipher encrypted database, in the following ways:

1. $./sqlcipher plaintext.db
2. sqlite> ATTACH DATABASE ' encrypted.db ' as encrypted KEY ' TestKey ';
3. Sqlite> SELECT sqlcipher_export (' encrypted ');
4. sqlite> DETACH DATABASE encrypted;

unbind a database password using sqlcipher encryptionThe Sqlcipher_export () function can also be decrypted by importing the contents of the Sqlcipher encrypted database into an unencrypted database, with the following methods:

1. $./sqlcipher encrypted.db
2. sqlite> PRAGMA key = ' TestKey ';
3. sqlite> ATTACH DATABASE ' plaintext.db ' as plaintext KEY '; --empty key would disable encryption
4. Sqlite> SELECT sqlcipher_export (' plaintext ');
5. sqlite> DETACH DATABASE plaintext;

Overall, Sqlcipher is an easy-to-use, flexible database encryption tool. In addition, I wrote aSqlcipherdemoThe project was put inCSDN, please download the necessary students. Reference DocumentsThe SQLite encryption Extension (see)SqliteencryptSqlitecryptSQLite with Encryption/password protectionSQLCipher