[MOD-2593] iOS: Add properties "hmacAlgorithm" and "hmacKdfIterations" to encrypted DB module

GitHub Issue: n/a
Resolution Date: 2020-04-22T17:34:28.000+0000
Affected Version/s: n/a
Fix Version/s: n/a
Components: Encrypted SQLite DB
Labels: database, encrypted_database, encryption, hash, ios, module, performance
Reporter: Joshua Quick
Assignee: Vijay Singh


*Summary:*
The "appcelerator.encrypteddatabase" module's default settings for its hashing algorithm have changed recently from SHA1 to SHA512, with KDF iterations from 64000 to 256000. While this has made it much more secure, it comes at the cost of performance. On Android, the defaults changed in module v3.0.3. On iOS, the defaults changed in module v2.0.6.

We should add new properties that allow app developers to control these settings. (i.e. sacrifice security for speed or sacrifice speed for security.)

*Requirements:*
Add the following constants to the module. These must be integer IDs.
* HMAC_SHA1
* HMAC_SHA256
* HMAC_SHA512

Add the following properties to the module.
* hmacAlgorithm - to be assigned one of the above constants. Defaults to HMAC_SHA512.
* hmacKdfIterations - to be assigned an integer. Defaults to 256000. Min value is 4000.

The above properties are "stateful" like the password property, meaning that they affect the next time you call the open() method.

When opening an existing database with different hmac settings from the above, the module must auto-migrate it to use the module's current hmac settings.

*Usage Test:*
var database = require("appcelerator.encrypteddatabase");
database.password = "password";

//database.hmacAlgorithm = database.HMAC_SHA1;
database.hmacAlgorithm = database.HMAC_SHA256;
//database.hmacAlgorithm = database.HMAC_SHA512;

database.hmacKdfIterations = 64000;
//database.hmacKdfIterations = 128000;
//database.hmacKdfIterations = 256000;

var openStartTime = new Date();
var dbConnection = database.open("test_encrypted.db");
Ti.API.info("@@@ DB open duration: " + (new Date() - openStartTime) + " ms");

dbConnection.execute("CREATE TABLE IF NOT EXISTS test(id integer PRIMARY KEY, name TEXT);");
dbConnection.execute("INSERT OR REPLACE INTO test(id, name) VALUES (?, ?)", 1, "Hello World");
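
The following is an added example, not code from the module or from this ticket. It runs under Node.js and shows why a database keyed under one set of hmac settings needs migration before it opens under another, and what each setting costs in derivation time. It assumes the module derives its key with PBKDF2 over the selected HMAC and a 32-byte output; the integer values of the constants, the salt and the helper names are hypothetical.

```javascript
// Added illustration for Node.js; not code from the module.
const crypto = require("crypto");

// Hypothetical integer IDs: the ticket only requires that the constants be integers.
const HMAC_SHA1 = 0, HMAC_SHA256 = 1, HMAC_SHA512 = 2;
const DIGESTS = new Map([[HMAC_SHA1, "sha1"], [HMAC_SHA256, "sha256"], [HMAC_SHA512, "sha512"]]);
const MIN_KDF_ITERATIONS = 4000; // minimum value stated in the ticket

// Apply the ticket's defaults and reject values outside its stated limits.
function normalizeSettings({ hmacAlgorithm = HMAC_SHA512, hmacKdfIterations = 256000 } = {}) {
  if (!DIGESTS.has(hmacAlgorithm)) {
    throw new RangeError("hmacAlgorithm must be HMAC_SHA1, HMAC_SHA256 or HMAC_SHA512");
  }
  if (!Number.isInteger(hmacKdfIterations) || hmacKdfIterations < MIN_KDF_ITERATIONS) {
    throw new RangeError("hmacKdfIterations must be an integer >= " + MIN_KDF_ITERATIONS);
  }
  return { hmacAlgorithm, hmacKdfIterations };
}

// Assumption: key derivation is PBKDF2 over the chosen HMAC with a 32-byte output.
function deriveKey(password, salt, settings) {
  const s = normalizeSettings(settings);
  return crypto.pbkdf2Sync(password, salt, s.hmacKdfIterations, 32, DIGESTS.get(s.hmacAlgorithm));
}

// True when both settings produce the same key, i.e. no migration would be needed.
function sameKey(password, salt, a, b) {
  return crypto.timingSafeEqual(deriveKey(password, salt, a), deriveKey(password, salt, b));
}

// Wall-clock cost in milliseconds of one key derivation under the given settings.
function derivationMs(password, salt, settings) {
  const start = process.hrtime.bigint();
  deriveKey(password, salt, settings);
  return Number(process.hrtime.bigint() - start) / 1e6;
}

const SALT = Buffer.alloc(16, 0x5a); // constructed sample salt
const OLD_DEFAULTS = { hmacAlgorithm: HMAC_SHA1, hmacKdfIterations: 64000 };
const NEW_DEFAULTS = { hmacAlgorithm: HMAC_SHA512, hmacKdfIterations: 256000 };

console.log("old defaults:", derivationMs("password", SALT, OLD_DEFAULTS).toFixed(1), "ms");
console.log("new defaults:", derivationMs("password", SALT, NEW_DEFAULTS).toFixed(1), "ms");
console.log("same key after change:", sameKey("password", SALT, OLD_DEFAULTS, NEW_DEFAULTS));
```

Changing either property alone yields a different key for the same password, which is why the ticket requires auto-migration whenever the stored settings differ from the current ones.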




  1. Vijay Singh 2020-04-06 PR - https://github.com/appcelerator-modules/appcelerator.encrypteddatabase/pull/49
  2. Joshua Quick 2020-04-06 The attached [^DatabaseEncryptMigrationTest.js] script can help test this change. Particularly for testing the migration of the database when changing the hashing algorithm settings on the next time you open it.
  3. Lokesh Choudhary 2020-04-22 Works as expected. Checked with module 2.1.0. Closing.
