Is Core Data Encrypted

Does Core Data encrypt the persistent store it manages? The answer is yes and no. Core Data doesn't encrypt the data you store in the persistent store, but it is possible to enable encryption. Let me explain what that means and how it works.

Enabling Encryption

Enabling encryption is easy to add. You can add a persistent store to the persistent store coordinator by invoking the addPersistentStore(ofType:configurationName:at:options:) method. In this example, the application adds a persistent store, a SQLite database, to the persistent store coordinator. The third argument of addPersistentStore(ofType:configurationName:at:options:), persistentStoreURL, defines the location of the persistent store. This should look familiar.

do {
    // Add Persistent Store
    try persistentStoreCoordinator.addPersistentStore(ofType: NSSQLiteStoreType,
                                                      configurationName: nil,
                                                      at: persistentStoreURL,
                                                      options: nil)
} catch {
    // Error Handling
    ...
}

To enable encryption, you need to pass a dictionary of options as the last argument of addPersistentStore(ofType:configurationName:at:options:). You need to set a value for key NSPersistentStoreFileProtectionKey. The possible options are:

  • complete: This is the most strict form of protection. The persistent store cannot be read from or written to if (1) the device is locked or (2) when the device is booting.
  • completeUnlessOpen: This option is less strict. As the name implies, the file is stored in an encrypted format from the moment it is no longer open.
  • completeUntilFirstUserAuthentication: This option offers basic protection. It simply means that the file is encrypted until the device has booted. If you power down your device, the persistent store is stored on disk in an encrypted format. This is the default option as of iOS 5.0.
  • none: It is possible to disable encryption entirely by setting the value for the NSPersistentStoreFileProtectionKey key to none. This isn't recommended, though. The vast majority of applications should, as a minimum, stick with the default option, that is, completeUntilFirstUserAuthentication.
do {
    // Define Options
    let options: [AnyHashable: Any] = [
        NSPersistentStoreFileProtectionKey: FileProtectionType.complete
    ]

    // Add Persistent Store
    try persistentStoreCoordinator.addPersistentStore(ofType: NSSQLiteStoreType,
                                                      configurationName: nil,
                                                      at: persistentStoreURL,
                                                      options: options)
} catch {
    // Error Handling
    ...
}

Is Core Data Safe/Secure

This question is closely related to the previous question. As a developer, you decide how safe or secure the data your application stores in the persistent store is. You do this by defining the file protection type of the persistent store.