Re: Encryption: Simplest method to encrypt a SQLite DB file...?
- Subject: Re: Encryption: Simplest method to encrypt a SQLite DB file...?
- From: Michael Ash <email@hidden>
- Date: Fri, 23 Jan 2009 11:21:38 -0500
On Fri, Jan 23, 2009 at 10:10 AM, <email@hidden> wrote:
> I would like to:
> 1) Encrypt/Encode a SQLite DB file from the command line (or via an application) and
> 2) De-Encrypt/Decode the same SQLite DB from within Cocoa/iPhone via a key of some sort.
>
> Scenario:
> I'm developing a game using data values stored within a SQLite DB file. I don't want hackers
> to pry into the DB file and cheat the game; yet I need to occasionally update the SQLite DB file via
> importing MS Excel data.

First let me say that you have two mutually exclusive requirements
here. EITHER you can stop hackers from looking at and changing the
file OR you can use the file, but you can't do both.

What you're trying to do is technically equivalent to DRM, and we all
know how well that works. If you put code on the user's system that
has enough information to decrypt the file then you have necessarily
given that user enough information to decrypt the file manually. You
can obfuscate the stuff, you can hide it, you can play games with it,
you can make it difficult, but you can never defeat a determined
hacker.

(And note that this goes just as much for the iPhone as for the Mac.
Yes, standard iPhones are pretty well locked down, but jailbroken
iPhones are as open as a desktop Mac and any hacker who wants to cheat
is just going to jailbreak.)

On to solutions, you basically have three:

1) Store encrypted blobs of data in the database.
2) Encrypt the entire database, decrypt it before using it.
3) Encrypt the entire database, decrypt on the fly and on demand.

1 is easy but loses a lot of the advantage of using a database in the
first place. 2 is also easy but makes it trivial for your adversary to
intercept your program while it has the decrypted database sitting
right there on disk as a standard SQLite file that he can modify using
standard command-line tools. Both of these would be done using
CommonCrypto as mentioned in another message.

3 is going to be tough to implement yourself and is going to require
modifying SQLite itself, I believe. If you search around you'll find a
couple of commercial solutions for it at pretty reasonable prices, so
depending on your needs and your financial situation that might be a
reasonable way to go.

But again, you can only make things harder, you can't actually stop
knowledgeable people from breaking your protection and getting at your
stuff anyway.

Mike
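
Added example, not part of the original message: a sketch of option 1 (encrypted blobs stored in ordinary SQLite columns) using CommonCrypto's CCCrypt. The helper names SealValue, OpenValue and StoreStat, the stats table and the IV-prefix layout are assumptions made for illustration.

```objective-c
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonCryptor.h>
#import <Security/Security.h>
#import <sqlite3.h>

// Hypothetical helpers for option 1. Output layout: 16-byte IV || ciphertext.
// The key ships inside the app, so this raises effort but cannot stop a
// determined reader. AES-CBC alone also does not reliably detect modified blobs.
static NSData *SealValue(NSData *plain, NSData *key) {
    if (key.length != kCCKeySizeAES256) return nil;
    uint8_t iv[kCCBlockSizeAES128];
    if (SecRandomCopyBytes(kSecRandomDefault, sizeof iv, iv) != errSecSuccess) return nil;
    NSMutableData *out = [NSMutableData dataWithLength:sizeof iv + plain.length + kCCBlockSizeAES128];
    memcpy(out.mutableBytes, iv, sizeof iv);
    size_t moved = 0;
    CCCryptorStatus st = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                 key.bytes, key.length, iv, plain.bytes, plain.length,
                                 (uint8_t *)out.mutableBytes + sizeof iv,
                                 out.length - sizeof iv, &moved);
    if (st != kCCSuccess) return nil;
    out.length = sizeof iv + moved;
    return out;
}

static NSData *OpenValue(NSData *sealed, NSData *key) {
    if (key.length != kCCKeySizeAES256 || sealed.length < 2 * kCCBlockSizeAES128) return nil;
    const uint8_t *p = sealed.bytes;
    size_t n = sealed.length - kCCBlockSizeAES128, moved = 0;
    NSMutableData *out = [NSMutableData dataWithLength:n];
    CCCryptorStatus st = CCCrypt(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                 key.bytes, key.length, p, p + kCCBlockSizeAES128, n,
                                 out.mutableBytes, out.length, &moved);
    if (st != kCCSuccess) return nil;
    out.length = moved;
    return out;
}

// Assumes a table stats(name TEXT PRIMARY KEY, value BLOB) already exists.
static BOOL StoreStat(sqlite3 *db, NSString *name, NSData *plain, NSData *key) {
    NSData *sealed = SealValue(plain, key);
    sqlite3_stmt *stmt = NULL;
    if (!sealed || sqlite3_prepare_v2(db, "INSERT OR REPLACE INTO stats(name, value) VALUES(?, ?)",
                                      -1, &stmt, NULL) != SQLITE_OK) return NO;
    sqlite3_bind_text(stmt, 1, name.UTF8String, -1, SQLITE_TRANSIENT);
    sqlite3_bind_blob(stmt, 2, sealed.bytes, (int)sealed.length, SQLITE_TRANSIENT);
    BOOL ok = (sqlite3_step(stmt) == SQLITE_DONE);
    sqlite3_finalize(stmt);
    return ok;
}
```

Because the value column holds opaque bytes, SQL can no longer filter, sort or index on it, which is the loss of database advantages the message attributes to option 1.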