We are new to iOS development and are planning to move our mobile application from Windows to iPad. Our data must be encrypted and FIPS 140 compliant. We are evaluating the use of SQLite and CoreData for the underlying data storage. In the RDBMS world, we are looking at around 50 tables with row counts in the 10’s of thousands for some tables. Does SQL Cipher work nativly with CoreData? Any advice on which platform we should choose would be appreciated.
SQLCipher provides a SQLite compatible native interface, along with a number of different API wrappers on different platforms. CoreData is an API for iOS that provides an abstraction layer, though SQLCipher doesn’t directly implement a CoreData provider. However there is a third party Open Source project called Encrypted Core Data that implements a provider using SQLCipher as an encrypted data store.
We don’t usually make recommendations on whether to use the native SQLite APIs or CoreData, since the decision really depends on the specific application requirements. There are numerous discussions on the internet that weight the pros and cons. Here is a decent discussion on Stack Overflow, for reference.
In general, If portability of databases and the ability to customize the solution is a requirement, then using the SQLite API (or a light wrapper around it like FMDB) might be more appropriate. However, if you are primarily looking for an iOS solution and can live with the restrictions CoreData enforces, then it might be worth considering.
Finally, we do offer an option under the SQLCipher Enterprise program for a SQLCipher FIPS package that facilitates compliance by utilizing a FIPS 140-2 certified cryptography library that has independently obtained FIPS 140-2 status.