[guardian-dev] Understanding IOCipher

zoki zoran.smilevski at gmail.com
Tue Feb 23 10:05:41 EST 2016


Thank you!

Cacheword is awesome for key managing. But I don't need so advanced
implementation, so I'm using my own fork of cacheword which is less
complex. It's without Service and auto locking and it has support for
multiple instances. Using one instance for database and one for storage.
Have a plan to upload it on github but didn't have time yet.

Will try that vacuum solution in near future. Thanks!

Best regards,
Zoran

On Mon, Feb 22, 2016 at 10:16 AM Hans-Christoph Steiner <
hans at guardianproject.info> wrote:

>
> Thanks for the feedback, glad to hear its useful!  I definitely
> recommend checking out CacheWord for managing keys, it works seamlessly
> with both SQLCipher-for-Android and IOCipher.
>
> https://guardianproject.info/code/cacheword
>
> As for shrinking containers, that is possible using the SQLite 'vacuum'
> command.  But since SQLCipher will reuse that space, we haven't needed
> to implement the vacuum stuff. We'd definitely help if someone wanted to
> take it on because it would be good to have.
>
> Here's the issue to track that:
> https://dev.guardianproject.info/issues/171
>
> .hc
>
> zoki:
> > Hello devs!
> >
> > I really like this library, it's working great, especially in combination
> > with SQLCipher.
> > The only thing i'm missing is an option to shrink container file. Now
> > deleting a file doesn't do a lot, because it won't free up disk space.
> >
> > Do you have any plan on implementing container shrinking, or at least
> some
> > use case or advise how to implement that correctly?
> >
> > Thanks!
> >
> > Zoran Smilevski
> >
> > On Mon, Feb 22, 2016 at 9:19 AM Hans-Christoph Steiner <
> > hans at guardianproject.info> wrote:
> >
> >>
> >> it is literally a filesystem implemented in SQLCipher.  Then instead of
> >> mounting it, which requires root, it provides an API that is the same as
> >> java.io.File, so it is easy to use the IOCipher filesystem as the base
> >> filesystem for an app.  It is not easy, on the other hand, to use a
> >> IOCipher filesystem at the same time as the regular filesystem.  That is
> >> by design since if an app needs to encrypt some of the files, it might
> >> as well encrypt them all to prevent accidental leaks.
> >>
> >> .hc
> >>
> >> Jabber Wocky:
> >>> Ah, thank you Nathan! I originally started reading about IOCipher on
> >>> ChatSecure's github site. They described IOCipher as follows: "IOCipher
> >>> allows you to create an encrypted virtual file store within a
> >>> SQLite/SQLCipher database..."  So now I understand based on your
> >> response.
> >>> IOCipher is basically a SQLCipher database with the added ability
> >>> read/write files inside of it.
> >>>
> >>> -JW
> >>>
> >>> On Mon, Feb 8, 2016 at 11:18 AM, Nathan of Guardian <
> >>> nathan at guardianproject.info> wrote:
> >>>
> >>>>
> >>>> On Mon, Feb 8, 2016, at 11:06 AM, Jabber Wocky wrote:
> >>>>> I'm trying to understand some basics of IOCipher. The documentation
> >>>>> states
> >>>>> it to be a "virtual encrypted disk" but then mentions it is based on
> >>>>> SQLCipher.  Does this mean that IOCipher is actually an encrypted
> >> SQLite
> >>>>> database?  Just trying to understand... Thanks for any responses!
> >>>>
> >>>> Yes! It was Hans' brilliant idea to use libSQLFS ("a library that
> >>>> implements a POSIX style filesystem on top of an SQLite database" on
> top
> >>>> of SQLCipher. It has worked like a charm, in production use by
> 100,000s
> >>>> of users in ChatSecure, Courier, CameraV (where we record and play
> >>>> videos into it) and other apps.
> >>>>
> >>>> https://github.com/guardianproject/libsqlfs
> >>>> https://github.com/guardianproject/iocipher
> >>>>
> >>>>
> >>>> --
> >>>>   Nathan of Guardian
> >>>>   nathan at guardianproject.info
> >>>> _______________________________________________
> >>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> >>>> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
> >>>>
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> >>> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
> >>>
> >>
> >> --
> >> PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
> >> https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
> >> _______________________________________________
> >> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> >> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
> >>
> >
> >
> >
> > _______________________________________________
> > List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> > To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
> >
>
> --
> PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
> https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
> _______________________________________________
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20160223/37bda064/attachment.html>


More information about the guardian-dev mailing list