[guardian-dev] Understanding IOCipher

Hans-Christoph Steiner hans at guardianproject.info
Mon Feb 22 04:16:31 EST 2016


Thanks for the feedback, glad to hear its useful!  I definitely
recommend checking out CacheWord for managing keys, it works seamlessly
with both SQLCipher-for-Android and IOCipher.

https://guardianproject.info/code/cacheword

As for shrinking containers, that is possible using the SQLite 'vacuum'
command.  But since SQLCipher will reuse that space, we haven't needed
to implement the vacuum stuff. We'd definitely help if someone wanted to
take it on because it would be good to have.

Here's the issue to track that:
https://dev.guardianproject.info/issues/171

.hc

zoki:
> Hello devs!
> 
> I really like this library, it's working great, especially in combination
> with SQLCipher.
> The only thing i'm missing is an option to shrink container file. Now
> deleting a file doesn't do a lot, because it won't free up disk space.
> 
> Do you have any plan on implementing container shrinking, or at least some
> use case or advise how to implement that correctly?
> 
> Thanks!
> 
> Zoran Smilevski
> 
> On Mon, Feb 22, 2016 at 9:19 AM Hans-Christoph Steiner <
> hans at guardianproject.info> wrote:
> 
>>
>> it is literally a filesystem implemented in SQLCipher.  Then instead of
>> mounting it, which requires root, it provides an API that is the same as
>> java.io.File, so it is easy to use the IOCipher filesystem as the base
>> filesystem for an app.  It is not easy, on the other hand, to use a
>> IOCipher filesystem at the same time as the regular filesystem.  That is
>> by design since if an app needs to encrypt some of the files, it might
>> as well encrypt them all to prevent accidental leaks.
>>
>> .hc
>>
>> Jabber Wocky:
>>> Ah, thank you Nathan! I originally started reading about IOCipher on
>>> ChatSecure's github site. They described IOCipher as follows: "IOCipher
>>> allows you to create an encrypted virtual file store within a
>>> SQLite/SQLCipher database..."  So now I understand based on your
>> response.
>>> IOCipher is basically a SQLCipher database with the added ability
>>> read/write files inside of it.
>>>
>>> -JW
>>>
>>> On Mon, Feb 8, 2016 at 11:18 AM, Nathan of Guardian <
>>> nathan at guardianproject.info> wrote:
>>>
>>>>
>>>> On Mon, Feb 8, 2016, at 11:06 AM, Jabber Wocky wrote:
>>>>> I'm trying to understand some basics of IOCipher. The documentation
>>>>> states
>>>>> it to be a "virtual encrypted disk" but then mentions it is based on
>>>>> SQLCipher.  Does this mean that IOCipher is actually an encrypted
>> SQLite
>>>>> database?  Just trying to understand... Thanks for any responses!
>>>>
>>>> Yes! It was Hans' brilliant idea to use libSQLFS ("a library that
>>>> implements a POSIX style filesystem on top of an SQLite database" on top
>>>> of SQLCipher. It has worked like a charm, in production use by 100,000s
>>>> of users in ChatSecure, Courier, CameraV (where we record and play
>>>> videos into it) and other apps.
>>>>
>>>> https://github.com/guardianproject/libsqlfs
>>>> https://github.com/guardianproject/iocipher
>>>>
>>>>
>>>> --
>>>>   Nathan of Guardian
>>>>   nathan at guardianproject.info
>>>> _______________________________________________
>>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>>> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
>>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
>>>
>>
>> --
>> PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
>> https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
>> _______________________________________________
>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
>>
> 
> 
> 
> _______________________________________________
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
> 

-- 
PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556


More information about the guardian-dev mailing list