Following yesterday discussion:
http://oksoclap.com/p/iOS_Meeting_(Security)
and minute:
http://transcripts.jboss.org/meeting/irc.freenode.org/aerogear/2013/aerogear.2013-10-08-13.55.html
and after some research, I think:
-
we don't have much to do iOS Data Protection (passcode activated). Don't need to write a wrapper on that.
-
asymmetric encryption is slower by 100x than symmetric encryption which explains it's not really used for DB.
-
SQLCipher as said yesterday used only symmetric encryption. It is not based on CC but used OpenSSL. It provides 256-bit AES encryption of database files. It's available on CocoaPod. It might be easier to set up that static libs as described here http://stevenpsmith.wordpress.com/2012/04/30/securing-data-in-ios-apps/ can be used with FMDB very easily although I haven't test it yet. I
[database setKey:@"B!GSecret"];
after each database open statement.=> let's go for it with symmettric encryption (at least with first version: only one line of code)
-
RNCryptic is for sure a good starting point. Could we re-use? http://robnapier.net/blog/aes-commoncrypto-564
-
In RNCryptic, interesting part on asynchronous: encryption can be slow (asymmetric) some thing to think about when designing API
-
Questions I still have:
- How to encrypt CoreData?
- How to encrypt AGPropertyListStorage (potentially large DB)
- same for memory db
profile deployed to force :
http://stackoverflow.com/questions/3806455/how-can-i-find-out-if-the-iphone-user-currently-has-a-passcode-set-and-encryptio
See answer 3
On sync subject:
https://github.com/overcommitted/ParcelKit/blob/master/README.md