Encryption
YapDatabase supports two different forms of encryption: whole-database encryption using SQLCipher, and per-value encryption within the serializer/deserializer mechanism.
SQLCipher is a drop-in replacement for SQLite that transparently encrypts the entire database, and is available under a BSD-style license. SQLCipher support has been added as a CocoaPods subspec. Simply change your Podfile:
pod 'YapDatabase/SQLCipher'
If you aren't using the SQLCipher subspec, the encryption configuration options are not compiled into your project. This prevents accidentally trying to use encryption when support is not available.
You set the database passphrase by modifying the passphraseBlock of YapDatabaseOptions.
YapDatabaseOptions *options = [[YapDatabaseOptions alloc] init];
options.corruptAction = YapDatabaseCorruptAction_Fail;
options.passphraseBlock = ^{
    // You can also do things like fetch from the keychain in here
    return @"super secure passphrase";
};
self.database = [[YapDatabase alloc] initWithPath:databasePath
                                 objectSerializer:NULL
                               objectDeserializer:NULL
                               metadataSerializer:NULL
                             metadataDeserializer:NULL
                                  objectSanitizer:NULL
                                metadataSanitizer:NULL
                                          options:options];
passphraseBlock is intended to help prevent storing the credentials in memory any longer than necessary. This block will be executed on database setup, and when new connections are made to the database.
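One way to back passphraseBlock with the keychain instead of a string literal, shown as an added example that is not part of the YapDatabase project's own code. The function name DatabasePassphrase, the service and account labels, and the choice of accessibility class are assumptions made for this example.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical labels for the keychain item; pick values unique to your app.
static NSString *const kDBKeyService = @"com.example.app.yapdatabase";
static NSString *const kDBKeyAccount = @"db-passphrase";

// Returns the stored passphrase, creating a random one on first use.
// Returns nil on any keychain or RNG failure; the caller decides how to react.
static NSString *DatabasePassphrase(void) {
    NSDictionary *base = @{
        (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService: kDBKeyService,
        (__bridge id)kSecAttrAccount: kDBKeyAccount,
    };

    // Look up an existing item first.
    NSMutableDictionary *query = [base mutableCopy];
    query[(__bridge id)kSecReturnData] = @YES;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (status == errSecSuccess) {
        NSData *stored = CFBridgingRelease(result);
        return [[NSString alloc] initWithData:stored encoding:NSUTF8StringEncoding];
    }
    // Any error other than "not found" (for example, the item is not yet
    // readable) must not trigger generation of a second, different passphrase.
    if (status != errSecItemNotFound) return nil;

    // First launch: 32 random bytes, base64-encoded so they fit an NSString.
    NSMutableData *raw = [NSMutableData dataWithLength:32];
    if (SecRandomCopyBytes(kSecRandomDefault, raw.length, raw.mutableBytes) != errSecSuccess) {
        return nil;
    }
    NSString *passphrase = [raw base64EncodedStringWithOptions:0];

    NSMutableDictionary *add = [base mutableCopy];
    add[(__bridge id)kSecValueData] = [passphrase dataUsingEncoding:NSUTF8StringEncoding];
    // Assumed policy: readable after first unlock, never migrated to another device.
    add[(__bridge id)kSecAttrAccessible] =
        (__bridge id)kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly;
    OSStatus added = SecItemAdd((__bridge CFDictionaryRef)add, NULL);
    return added == errSecSuccess ? passphrase : nil;
}

// Usage with the options object shown above:
//   options.passphraseBlock = ^{ return DatabasePassphrase(); };
```

Because the block runs again for every new connection, each call re-reads the keychain rather than caching the passphrase in a long-lived variable.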
You can also choose to encrypt specific values using the serializer/deserializer mechanism. This method doesn't encrypt the entire database, and will leave your collections and keys in cleartext.