I haven't been able to determine whether Realm is encrypted by default on iOS. Can someone help me understand?
From the Realm Documentation section about Using Realm with Background App Refresh:
On iOS 8 and above, files inside apps are automatically encrypted using NSFileProtection whenever the device is locked. If your app attempts to do any work involving Realm while the device is locked and the
NSFileProtection
attributes of your Realm files are set to encrypt them (which is the case by default), anopen() failed: Operation not permitted
exception will be thrown.
Beyond that Realm brings its own native file Encryption support.
Realm supports encrypting the database file on disk with AES-256+SHA2 by supplying a 64-byte encryption key when creating a Realm.
// Generate a random encryption key let key = NSMutableData(length: 64)! SecRandomCopyBytes(kSecRandomDefault, key.length, UnsafeMutablePointer<UInt8>(key.mutableBytes)) // Open the encrypted Realm file let config = Realm.Configuration(encryptionKey: key) do { let realm = try Realm(configuration: config) // Use the Realm as normal let dogs = realm.objects(Dog).filter("name contains 'Fido'") } catch let error as NSError { // If the encryption key is wrong, `error` will say that it's an invalid database fatalError("Error opening realm: \(error)") }
This makes it so that all of the data stored on disk is transparently encrypted and decrypted with AES-256 as needed, and verified with a SHA-2 HMAC. The same encryption key must be supplied every time you obtain a Realm instance.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With