ANN: Database encryption on iOS (pre-release)

Jens Alfke

Feb 17, 2015, 5:35:09 PM
to mobile-c...@googlegroups.com
The master branch of the couchbase-lite-ios repo now includes optional on-disk database encryption. It uses SQLCipher (a variant of SQLite) to encrypt the database file, while attachments are individually encrypted with AES-256. Full instructions are on the wiki.

This feature will be released in Couchbase Lite 1.1, but you can try it out now by checking out and building from the master branch. (Please note that the master branch already has other post-1.0.3 changes including an incompatible change to the file format.) We’d love to get feedback from you.

It’s pretty easy to adopt if you also use the available CBLEncryptionController class, which is a utility that runs the user interaction to prompt for passwords. It will even use Touch ID, if available, to store a randomly-generated AES key, so the user doesn’t need a password at all. (I can say from experience that using your thumbprint to unlock your app’s database is pretty cool. I’m storing all of my missile launch codes and international money laundering paperwork in Couchbase Lite now.)

We don’t expect most developers to use this feature — the iOS filesystem is already pretty well encrypted — but there are apps for which such encryption is a requirement (often due to health-care or banking laws, or corporate policies) so this feature has been a blocker for some people.

(Yes, encryption is coming to our other platforms as well.)

—Jens

dyowee

Feb 18, 2015, 12:08:16 AM
to mobile-c...@googlegroups.com
This is awesome sir. Would it affect performance?

Jens Alfke

Feb 18, 2015, 2:31:56 AM
to mobile-c...@googlegroups.com

On Feb 17, 2015, at 9:08 PM, dyowee <csharpen...@gmail.com> wrote:

This is awesome sir. Would it affect performance?

The SQLCipher website cites a 10-15% slowdown. (It would be a lower percentage for CBL because we don’t spend all our time in SQLite code, of course.)

—Jens