SQLite encryption methods [repost]

Reprinted from https://www.cnblogs.com/dagueo/p/3747858.html

See https://stackoverflow.com/questions/16575012/open-source-sqlite-database-encryption-supported-by-entity-framework


About SQLite

SQLite is a lightweight, cross-platform, open source database engine. Its advantages in read and write efficiency, overall resource consumption, latency and overall simplicity make it the best solution for mobile platform databases (e.g. iOS, Android).
 
However, the free version of SQLite has a fatal flaw: it does not support encryption. As a result, data stored in SQLite can be viewed by anyone using any text editor.
 
SQLite encryption methods
There are two approaches to database encryption:
 
1. Encrypt the content before writing it to the database
This method is simple to use. You only need to encrypt each field when writing it to the database and decrypt it when reading it back, which to some extent solves the problem of data being exposed in plaintext.
 
However, this method does not encrypt everything, because information such as the table structure of the database can still be viewed. In addition, once the content written to the database is encrypted, searching it becomes a problem.
 
2. Encrypt the database file
Encrypting the entire database file largely solves the database's information security problem. Existing SQLite encryption tools are mostly implemented this way.
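
The difference between the two approaches can be checked on the file itself. The following Python sketch is an added example, not code from the original article or from any of the tools it describes. It audits three constructed sample files, using os.urandom() as a stand-in for real ciphertext; the table, column names and values are made up.

```python
import os
import sqlite3
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of an unencrypted SQLite file


def opens_without_key(path):
    """Run a sqlite_master probe with stock SQLite, which has no key to give."""
    con = sqlite3.connect(path)
    try:
        con.execute("SELECT count(*) FROM sqlite_master").fetchone()
        return True
    except sqlite3.DatabaseError:  # "file is not a database" (SQLITE_NOTADB)
        return False
    finally:
        con.close()


def audit_db_file(path, needles):
    """Return (plain_header, opens_without_key, needles found in the raw bytes)."""
    with open(path, "rb") as f:
        raw = f.read()
    leaked = [n for n in needles if n.encode("utf-8") in raw]
    return raw[:16] == SQLITE_MAGIC, opens_without_key(path), leaked


def build_samples(workdir):
    """Create three constructed sample files, one per storage strategy."""
    paths = {k: os.path.join(workdir, k + ".db") for k in ("plain", "field", "whole")}
    # No encryption, and approach 1 with os.urandom() standing in for ciphertext.
    rows = {"plain": ("alice", "4111111111111111"),
            "field": (os.urandom(32), os.urandom(32))}
    for name, row in rows.items():
        con = sqlite3.connect(paths[name])
        con.execute("CREATE TABLE accounts (owner, card_number)")
        con.execute("INSERT INTO accounts VALUES (?, ?)", row)
        con.commit()
        con.close()
    # Approach 2: random bytes stand in for a whole-file-encrypted database.
    with open(paths["whole"], "wb") as f:
        f.write(os.urandom(4096))
    return paths


def run_audit():
    needles = ["accounts", "card_number", "alice", "4111111111111111"]
    with tempfile.TemporaryDirectory() as d:
        return {n: audit_db_file(p, needles) for n, p in build_samples(d).items()}
```

Each result from run_audit() is (plain SQLite header, opens without a key, strings found in the raw bytes). The field-level file still opens and still exposes its table and column names, while the whole-file stand-in is rejected as not being a database.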
 
SQLite encryption tools
At present, the SQLite encryption tools available on the iOS platform are as follows:
 
In fact, SQLite has an encryption and decryption interface, but the free version does not implement it. The SQLite Encryption Extension (SEE) is an encrypted version of SQLite that provides the following encryption methods:
  1. RC4 
  2. AES-128 in OFB mode 
  3. AES-128 in CCM mode 
  4. AES-256 in OFB mode 
 
The SQLite Encryption Extension (SEE) is available for a fee.
 
SQLiteEncrypt uses AES encryption. It works by implementing the encryption-related interfaces that the open source free version of SQLite leaves unimplemented.
 
SQLiteEncrypt is a paid product.
 
SQLiteCrypt uses 256-bit AES encryption. It works the same way as SQLiteEncrypt, by implementing SQLite's encryption-related interfaces.
 
SQLiteCrypt is also a paid product.
 
The first thing to note is that SQLCipher is completely open source and the code is hosted on GitHub.
 
SQLCipher uses 256-bit AES encryption. Since it is based on the free version of SQLite, its main encryption interface is the same as SQLite's, but it also adds some interfaces of its own. See here.
 
SQLCipher comes in a paid version and a free version. The official website lists these differences for the paid version:
  1. Easier to setup, saving many steps in project configuration
  2. pre-built with a modern version of OpenSSL, avoiding another external dependency
  3. much faster for each build cycle because the library doesn't need to be built from scratch on each compile (build time can be up to 95% faster with the static libraries)
 
 
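The paid version is simply easier to integrate, needs no additional OpenSSL dependency, and compiles faster; functionally there is no difference at all. Spending several hundred dollars just for that bit of convenience is really not worth it for a struggling developer like me. Fortunately there is a free version.
 
Since SQLCipher is the only one of the SQLite encryption tools above that has a free version, the rest of this article focuses on SQLCipher.
 
Using SQLCipher in a project
Integrating the free version of SQLCipher into a project is somewhat complicated, but the official website explains it in great detail with text and screenshots. For the integration process, refer to the official tutorial.
 
Initializing a database with SQLCipher
The following code comes from the official website. It uses SQLCipher to create a new encrypted database, or to open a database that was created with SQLCipher.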
    #import <sqlite3.h>  // SQLCipher's header, which declares sqlite3_key

    NSString *databasePath = [[NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES) objectAtIndex:0]
                              stringByAppendingPathComponent:@"cipher.db"];
    sqlite3 *db;
    if (sqlite3_open([databasePath UTF8String], &db) == SQLITE_OK) {
        const char *key = [@"BIGSecret" UTF8String];
        // Supply the key before any other operation on the database.
        sqlite3_key(db, key, (int)strlen(key));
        // Reading sqlite_master only succeeds if the key is correct.
        int result = sqlite3_exec(db, "SELECT count(*) FROM sqlite_master;", NULL, NULL, NULL);
        if (result == SQLITE_OK) {
            NSLog(@"password is correct, or, database has been initialized");
        } else {
            NSLog(@"incorrect password! errCode:%d", result);
        }

        sqlite3_close(db);
    }
 
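Note that after opening or creating a database with sqlite3_open, you must supply the password with sqlite3_key before performing any other operation on the database. Otherwise database operations will fail with the SQLite error code SQLITE_NOTADB.
 
Once sqlite3_open has opened the database successfully and the password has been supplied with sqlite3_key, you can insert, delete, update and query the database as usual.
 
Encrypting an existing database with SQLCipher
SQLCipher provides the sqlcipher_export() function, which makes it easy to import an ordinary database into a SQLCipher-encrypted database. It is used as follows: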
    $ ./sqlcipher plaintext.db
    sqlite> ATTACH DATABASE 'encrypted.db' AS encrypted KEY 'testkey';
    sqlite> SELECT sqlcipher_export('encrypted');
    sqlite> DETACH DATABASE encrypted;
 
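Removing the password from a SQLCipher-encrypted database
The sqlcipher_export() function can likewise import the contents of a SQLCipher-encrypted database into an unencrypted database, thereby decrypting it. It is used as follows: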
    $ ./sqlcipher encrypted.db
    sqlite> PRAGMA key = 'testkey';
    sqlite> ATTACH DATABASE 'plaintext.db' AS plaintext KEY '';  -- empty key will disable encryption
    sqlite> SELECT sqlcipher_export('plaintext');
    sqlite> DETACH DATABASE plaintext;
 
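Overall, SQLCipher is an easy-to-use and highly flexible database encryption tool.
 
In addition, I wrote a SQLCipherDemo project and put it on CSDN; anyone who needs it can download it.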
 