[guardian-dev] Understanding IOCipher

Hans-Christoph Steiner hans at guardianproject.info
Mon Feb 22 03:10:58 EST 2016


it is literally a filesystem implemented in SQLCipher.  Then instead of
mounting it, which requires root, it provides an API that is the same as
java.io.File, so it is easy to use the IOCipher filesystem as the base
filesystem for an app.  It is not easy, on the other hand, to use a
IOCipher filesystem at the same time as the regular filesystem.  That is
by design since if an app needs to encrypt some of the files, it might
as well encrypt them all to prevent accidental leaks.

.hc

Jabber Wocky:
> Ah, thank you Nathan! I originally started reading about IOCipher on
> ChatSecure's github site. They described IOCipher as follows: "IOCipher
> allows you to create an encrypted virtual file store within a
> SQLite/SQLCipher database..."  So now I understand based on your response.
> IOCipher is basically a SQLCipher database with the added ability
> read/write files inside of it.
> 
> -JW
> 
> On Mon, Feb 8, 2016 at 11:18 AM, Nathan of Guardian <
> nathan at guardianproject.info> wrote:
> 
>>
>> On Mon, Feb 8, 2016, at 11:06 AM, Jabber Wocky wrote:
>>> I'm trying to understand some basics of IOCipher. The documentation
>>> states
>>> it to be a "virtual encrypted disk" but then mentions it is based on
>>> SQLCipher.  Does this mean that IOCipher is actually an encrypted SQLite
>>> database?  Just trying to understand... Thanks for any responses!
>>
>> Yes! It was Hans' brilliant idea to use libSQLFS ("a library that
>> implements a POSIX style filesystem on top of an SQLite database" on top
>> of SQLCipher. It has worked like a charm, in production use by 100,000s
>> of users in ChatSecure, Courier, CameraV (where we record and play
>> videos into it) and other apps.
>>
>> https://github.com/guardianproject/libsqlfs
>> https://github.com/guardianproject/iocipher
>>
>>
>> --
>>   Nathan of Guardian
>>   nathan at guardianproject.info
>> _______________________________________________
>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
>>
> 
> 
> 
> _______________________________________________
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
> 

-- 
PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556


More information about the guardian-dev mailing list