I'm developing a healthcare iOS app. I'd like my users' data to be encrypted so if their iPhone is stolen, the thief won't be able to access their health info. The rightful owner SHOULD be able to access their information (so different than this question).
I'm considering using SQLCipher to encrypt the entire DB, and putting the SQLCipher password in Keychain.
Is this a good technique?
Also, do I understand correctly that--since everything is on the device--a determined hacker will be able to break in no matter what?
Aim for two-factor encryption: you should encrypt the DB as described, but require the user to enter in a password each time they launch the application. The DB's key would be a hash of the password, salted with a nonce. Store the password salt in the keychain.
A determined hacker could get to the encrypted SQLite database through filesystem access. If they were able to break the keychain encryption, they would easily be able to crack the database, but by requiring a password (or passphrase) from the user, it helps against that attack.
I think that your solution makes sense. It gives quite good security and keeps your app simple to use.
The main thing you are getting with keychain is that the user backups are secured because keychain content isn't backed up with the iPhone. (But I guess you know that already)
But this is a huge security plus as the potential hacker will have to get physical access to the iPhone. Moreover, if the iPhone is blocked by a PIN it is likely that the only quick way to get the data out is to physically access the flash memory of the device, which isn't the easiest thing to do.
To be honest, I don't believe that users will use your app if you force them to enter long passwords. And if you let them use any password they like, hackers will be able to break the database encryption using a dictionary attack.
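The scheme the two answers above discuss (a database key derived from the user's passphrase plus a random salt kept in the keychain, so that the salt alone is useless and only the passphrase's strength matters against dictionary guessing), as an added example that is not from the original question or either answer. It uses PBKDF2-HMAC-SHA256 instead of a plain salted hash so that each guess costs real work, and formats the result in the x'<hex>' raw-key form that SQLCipher's PRAGMA key and PRAGMA rekey accept; SALT_BYTES and ITERATIONS are assumed values an app would tune.

```python
import hashlib
import os

# Assumed parameters for this example; tune ITERATIONS to the slowest device you support.
SALT_BYTES = 16
KEY_BYTES = 32          # SQLCipher works with a 256-bit key
ITERATIONS = 200_000    # PBKDF2 work factor; every dictionary guess must pay this cost


def create_salt() -> bytes:
    """Generate the random per-user salt. This is the value kept in the keychain."""
    return os.urandom(SALT_BYTES)


def derive_db_key(passphrase: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Derive the database key from the user's passphrase and the keychain salt.

    Neither input alone recovers the key: the salt (from the keychain) is useless
    without the passphrase, and the same passphrase yields a different key under
    a different salt, so precomputed tables do not transfer between users.
    """
    if len(salt) < SALT_BYTES:
        raise ValueError("salt too short")
    if not passphrase:
        raise ValueError("empty passphrase")
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, iterations, dklen=KEY_BYTES
    )


def sqlcipher_raw_key_pragma(key: bytes) -> str:
    """Format a 32-byte key as SQLCipher's raw-key pragma: PRAGMA key = "x'<64 hex>'"."""
    if len(key) != KEY_BYTES:
        raise ValueError("SQLCipher raw keys must be exactly 32 bytes")
    return f"PRAGMA key = \"x'{key.hex().upper()}'\";"


def sqlcipher_rekey_pragma(new_key: bytes) -> str:
    """Pragma to re-encrypt an open database under a new key (passphrase change)."""
    if len(new_key) != KEY_BYTES:
        raise ValueError("SQLCipher raw keys must be exactly 32 bytes")
    return f"PRAGMA rekey = \"x'{new_key.hex().upper()}'\";"


def change_passphrase(old_pw: str, new_pw: str, salt: bytes, iterations: int = ITERATIONS):
    """Return the (open-with, rekey-to) pragma pair for a passphrase change.

    The salt can stay the same; only the derived key changes, so the keychain
    entry does not need to be rewritten.
    """
    old_key = derive_db_key(old_pw, salt, iterations)
    new_key = derive_db_key(new_pw, salt, iterations)
    return sqlcipher_raw_key_pragma(old_key), sqlcipher_rekey_pragma(new_key)
```

The pragmas are issued on the SQLCipher connection right after opening the file, before any other statement; the passphrase itself is never written anywhere, only the salt.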