How can I encrypt CoreData contents on an iPhone
You can encrypt individual properties in your Core Data model entities by making them transformable properties, then creating an NSValueTransformer subclass which will encrypt and decrypt the data for that property. While this is not the whole-database decryption that you're looking for, it will have a much lower memory footprint than decrypting an entire database into memory. Additionally, it will allow the decryption to be done lazily, rather than all up front, so your application will load much faster. Depending on the encryption used, I would even expect that the on-disk data accesses for loading each entity would be slower than the decryption process for the properties, so you won't see that much of a performance penalty when accessing the properties.
Transformable properties like this are very easy to use, because you read and write to them as normal, while the encryption / decryption goes on behind the scenes.
How to enable Core Data Encryption on SwiftUI?
The NSPersistentContainer
has an array of persistentStoreDescriptions
, which you can modify before calling container.loadPersistentStores
. In fact, you already do this to change the store’s URL if inMemory
is true.
So to set the file protection option:
container = NSPersistentContainer(name: "TharmaTrack")
container.persistentStoreDescriptions.first!.setOption(FileProtectionType.complete as NSObject,
forKey: NSPersistentStoreFileProtectionKey)
Do I need to encrypt iOS Core Data?
You have a few options.
Assume the user has their passcode enabled, and know that that means the DB is encrypted when the device is locked. For some cases, this is enough.
Encrypt the Core Data using Encrypted Core Data. FYI, this does work, but it has lots of limitations and bugs. We used it in an enterprise app and I regret using it.
Move away from Core Data to SQLite with SQLCipher. This is what I prefer now.
Bear in mind that you still have to deal with the DB key if you do per-app encryption. You can do this in a number of ways.
- In many cases, you can just store the key in the Keychain and that's sufficient.
- You can also require passcode/Touch ID/Face ID when launching your app/accessing the keychain item
- Finally, you cal require the user to enter the passphrase
- Regardless of your choice, use a key-derivation function such as PBKDF2 ~100,000 times to make brute forcing harder. Never store the actual DB key (which is derived).
Related Topics
iOS - Spritekit - How to Calculate the Distance Between Two Nodes
iOS Document/File Type Associations - Wildcard Uti
Physicsbody Doesn't Adhere to Node's Anchor Point
Xcode 5 - "No Application Records Were Found" When Trying to Validate an Archive
Makekeywindow VS Makekeyandvisible
Change Pin Image on Mkmapview in Swift
Taking Photo with Custom Camera Swift 3
None of Your Accounts Are a Member, Code Signing Errors After Upgrading to Xcode 8
Read Binary Qr Code with Avfoundation
How to Determine File Size on Disk of a Video Phasset in iOS8
Using Uisheetpresentationcontroller in Swiftui
How to Create Scrollable Table in Skspritekit
How to Have Firebase Automatically Delete Values Older Than 30 Minutes
Binding Viewmodel and Textfields with Swiftui
iOS - Custom Table Cell Not Full Width of Uitableview
Is This a Bug with Mkmapkitdelegate Mapview:Didupdateuserlocation