Core Data and Encryption

by Marcus Zarra

Just a quick post to point out a great article written by Nick Harris of NewsGator fame. He has looked into the issues with Core Data and encryption.

Core Data and Enterprise iPhone Applications – Protecting Your Data

It has always been a difficult question and fortunately Apple has addressed it for us. Even better, Nick has shared the code so we don’t even need to try and discover the solution ourselves.

Thanks Nick!

Marcus Zarra

Marcus S. Zarra is a founding partner of MartianCraft, LLC. He has been developing Cocoa software since 2003, Java software since 1996, and has been in the industry since 1985. Currently Marcus is producing software for iOS and OS X. In addition to writing software, he assists other developers by blogging about development and supplying code samples on Cocoa Is My Girlfriend. Marcus is also the author of Core Data (2nd edition): Data Storage and Management for iOS, OS X, and iCloud and Co-Author of Core Animation: Simplified Animation Techniques for Mac and iPhone Development. You can find Marcus on Twitter, on App.net and on StackOverflow.

More Posts - Website

Follow Me:


I’ve just also read the article from Nick als well as the notes from Anthony http://anthonyvance.com/blog/forensics/ios4_data_protection/ but it answers only the question how to protect data generated on the device itself. What about if you ship valuable data with your app. I guess you have to encrypt table content in your sqlite database and use a built-in decryption engine?! I’m always using core data so there is no way to use SQLCipher (http://www.zetetic.net/code/sqlcipher). As far as I understand relies the built-in hardware encryption from Apple on the fact, that the user uses a passcode!

Marcus Zarra says:

If you want to ship data then you can consider encrypting the entire file, decrypting it on first launch and putting the decrypted version into the ~/Documents directory.

I used NSValueTransformer to do encryption/decryption using Apples CommonCryptor Toolbox(AES128) so far. Just checking how this affects US export regulations.

ikaroweb says:

Hi How can i encrypt a sqlite database? Thanks in advance ika.