On Fri, Jan 23, 2009 at 10:10 AM, <fc...@dialup4less.com> wrote: > I would like to: > 1) Encrypt/Encode a SQLite DB file from the command line (or via an > application) and > 2) De-Encrypt/Decode the same SQLite DB from within Cocoa/iPhone via a key of > some sort. > > Scenario: > I'm developing a game using data values stored within a SQLite DB file. I > don't want hackers > to pry into the DB file and cheat the game; yet I need to occasionally update > the SQLite DB file via > importing MS Excel data.
First let me say that you have two mutually exclusive requirements here. EITHER you can stop hackers from looking at and changing the file OR you can use the file, but you can't do both. What you're trying to do is technically equivalent to DRM, and we all know how well that works. If you put code on the user's system that has enough information to decrypt the file then you have necessarily given that user enough information to decrypt the file manually. You can obfuscate the stuff, you can hide it, you can play games with it, you can make it difficult, but you can never defeat a determined hacker. (And note that this goes just as much for the iPhone as for the Mac. Yes, standard iPhones are pretty well locked down, but jailbroken iPhones are as open as a desktop Mac and any hacker who wants to cheat is just going to jailbreak.) On to solutions, you basically have three: 1) Store encrypted blobs of data in the database. 2) Encrypt the entire database, decrypt it before using it. 3) Encrypt the entire database, decrypt on the fly and on demand. 1 is easy but loses a lot of the advantage of using a database in the first place. 2 is also easy but makes it trivial for your adversary to intercept your program while it has the decrypted database sitting right there on disk as a standard SQLite file that he can modify using standard command-line tools. Both of these would be done using CommonCrypto as mentioned in another message. 3 is going to be tough to implement yourself and is going to require modifying SQLite itself, I believe. If you search around you'll find a couple of commercial solutions for it at pretty reasonable prices, so depending on your needs and your financial situation that might be a reasonable way to go. But again, you can only make things harder, you can't actually stop knowledgeable people from breaking your protection and getting at your stuff anyway. Mike _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
