SQLite Encryption--SQLCipher

SQLite3 plugin GitHub

Plug-in configuration step address

Purchase Address

Other encryption methods introduced

SQLCipher API Address

Objective

Applications use SQLite to store data, and many times need to encrypt part of the data. The common practice is to encrypt the content to be stored in the database and then decrypt the data when it is used. This will have a lot of performance consumption in the data encryption and decryption.

SQLite itself is an encryption-enabled feature (the free version does not provide encryption, and the commercial version is supported by cryptographic modules). SQLCipher is an open source SQLite encryption extension that supports 256-bit AES encryption of DB files.

　　

Encryption vs. non-encrypted databases

Open Terminal to enter the following,

~ $ sqlite3 sqlcipher.dbsqlite> PRAGMA key= ' test123′;sqlite> CREATE TABLE T1 (A, b);sqlite> INSERT into T1 (A, b) VAL UES (' One for the money ', ' both for the show ');sqlite> quit~$ hexdump-c sqlite.db

　　

Results:

　　

Configuration steps

1. Download the SQLCipher plugin to GitHub and store it in the project root directory.

2. Sqlcipher.xcodeproj is added to the project in the form of a static library.

3. Associating a newly added static library

　　

4. Set Build Setting

"Header Search Path" added, ". /sqlcipher/src ", here you need to pay attention to the relationship of paths.

"Other C Flags" add "-dsqlite_has_codec"

Examples of use in projects

#import <sqlite3.h>-(void) openDB2 {nsstring *documentpath = Nssearchpathfordirectoriesindomains (    NSDocumentDirectory, Nsuserdomainmask, YES) [0];    NSString *db2path = [Documentpath stringbyappendingpathcomponent:db2name];        if (Sqlite3_open ([Db2path utf8string], &database2) = = SQLITE_OK) {Const char* key = [@ ' Eileen ' utf8string]; Sqlite3_key (Database2, Key, strlen (key));//if (Sqlite3_exec (Database2, (const char*) "CREATE TABLE T1 (A, B)            ; ", NULL, NULL, NULL) = = SQLITE_OK) {//NSLog (@" Password is correct, or, database has been Initializ ");// } else {//NSLog (@ "Incorrect password!");                 /}//Sqlite3_close (DATABASE2);             if (Sqlite3_exec (Database2, "INSERT into T1 (A, b) VALUES (' qqqqqqq ', ' pppppp ')", NULL, NULL, NULL) ==SQLITE_OK) {         NSLog (@ "password is correct");         } else {NSLog (@ "password error");        } sqlite3_stmt *statement = NULL; SqlITE3_PREPARE_V2 (Database2, "Select a, b from T1",-1, &statement, NULL);            while (sqlite3_step (statement) = = Sqlite_row) {char *field0 = (char*) sqlite3_column_text (statement, 0);            NSString *field0str = @ "";            if (field0) {field0str = [nsstring stringwithutf8string:field0];            } char *field1 = (char*) sqlite3_column_text (statement, 1);            NSString *field1str = @ "";            if (field1) {field1str = [nsstring stringwithutf8string:field1];        } NSLog (@ "A =%@, B =%@;", Field0str, FIELD1STR);    } sqlite3_finalize (statement);    } else {sqlite3_close (DATABASE2); }｝

Install SQLCipher on Terminal

In general, the following 2 sentences can be executed in Terminal, refer to:

$./configure--enable-tempstore=yes cflags= "-dsqlite_has_codec" ldflags= "-lcrypto"    ; #  Run the Configure script$ make    ; #  Run the makefile.

1, cd to download good Sqlcipher directory, and execute

$./configure--enable-tempstore=yes cflags= "-dsqlite_has_codec" ldflags= "-lcrypto"

　　

2. Input

$ make

2.1. An error has occurred,

sqlite3.c:18280:10: fatal error: ' openssl/rand.h ' File not found

#include <openssl/rand.h>

See:

Workaround, enter:

$ Brew Link OpenSSL--force

　　

2.2. An error occurred, "-bash:brew:command not Found", proving that the OS has not been installed Homebrew. (Homebrew is installed with Xcode, and Command line Tools is installed, Terminal input "gcc--version" check)

Workaround, enter:

$-E "$ (curl-fssl https://raw.githubusercontent.com/Homebrew/install/master/install)"

2.3. After installing the Homebrew, re-execute

$ Brew Link OpenSSL--force

An error has occurred: "Error:No Such keg:/usr/local/cellar/openssl

Workaround, using Brew to install OpenSSL, enter:

$ Brew Install OpenSSL

　　

　　

2.4. After installing OpenSSL, re-execute

$ Brew Link OpenSSL--force

　　

After execution, then re-execute

$ make

　　

The error "make:nothing to being done for ' all ' occurs when you perform a make operation multiple times, and the workaround, enter:

$ make clean//re-execute $ make

　　

3, the implementation of the previous 2 steps, the Sqlcipher directory will be more than one Sqlcipher file for the Terminal management database.

　　

　

Terminal View and modify password management for a database

CD to the directory of the newly generated Sqlcipher file, perform the following operation, reference.

1. Use SQLCipher to encrypt existing databases

　　

2. Unlock the encrypted database password using SQLCipher

$./sqlcipher encrypted.db sqlite> PRAGMA key = ' TestKey '; sqlite> ATTACH DATABASE ' plaintext.db ' as plaintext KEY ';  

　　

Attention

Some software encryption methods are not public, such as Mac Sqlitemanager generated encrypted. db files cannot be decrypted in the program open. The encrypted. db files generated inside the program cannot be opened with the Sqlitemanager on your Mac.

The free version of the project code does not provide the following features:

• When the database is created, no password is used , and password management cannot be added after Sqlite3_key;
• On the creation of the database has been set password management, can not remove its password management, can only reset the new password;

SQLite Encryption--SQLCipher