Data Encryption with an OData Offline Store

By default, an OData Offline Store does not encrypt the data it collects and stores on the device.

To enable encryption of the store data, an encryption key must be supplied in the storeEncryptionKey store option when the offline store is opened for the first time (SODataOfflineStoreOptions.storeEncryptionKey on iOS and ODataOfflineStoreOptions.storeEncryptionKey on Android). The encryption key is used to encrypt the underlying databases.

Once the database is encrypted, all subsequent attempts to open the store must supply the encryption key. The supplied key is checked against the original encryption key and the open fails unless the key matches. Choose an encryption key value that cannot easily be guessed. The key can be of arbitrary length, but generally a longer key is better, because a shorter key is easier to guess. Including a combination of numbers, letters, and special characters decreases the chances of someone guessing the key.

The Offline Store does not provide any functionality for generating encryption keys. An application may wish to store the encryption key in another secure store on the device (such as the Data Vault). However, the Offline Store does not provide any functionality for automatically storing or retrieving the encryption key from an alternate secure store.

Consider the following when creating a key:
  • Do not include semicolons in your key.
  • Do not put the key itself in quotes, or the quotes will be considered part of the key.
  • Lost or forgotten keys result in completely inaccessible stores.
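The following is an added example, not code from the Offline Store SDK or its documentation. It shows one way an Android application can generate a key that satisfies the constraints above (no semicolons, no surrounding quotes, high entropy) and hand the same key to every subsequent open; the SecureKeyStore interface is a hypothetical stand-in for a secure store such as the Data Vault, and the OfflineStoreKeys class name and the "offline-store" alias are assumptions.

```java
import java.security.SecureRandom;

/** Helpers for creating and reusing the Offline Store encryption key (added example). */
public final class OfflineStoreKeys {
    private static final SecureRandom RNG = new SecureRandom();

    /**
     * Generate a random key and return it as lowercase hex. Hex contains only digits and
     * letters, so it can never include a semicolon or a quote, and 32 random bytes give
     * 256 bits of entropy, which is what makes the key unguessable.
     */
    public static String generateKey(int numBytes) {
        byte[] raw = new byte[numBytes];
        RNG.nextBytes(raw);
        StringBuilder sb = new StringBuilder(numBytes * 2);
        for (byte b : raw) {
            sb.append(String.format("%02x", b)); // %x on a negative byte prints it unsigned
        }
        return sb.toString();
    }

    /** Enforce the documented constraints before the value reaches storeEncryptionKey. */
    public static void validateKey(String key) {
        if (key == null || key.isEmpty()) {
            throw new IllegalArgumentException("encryption key must not be empty");
        }
        if (key.indexOf(';') >= 0) {
            throw new IllegalArgumentException("encryption key must not contain semicolons");
        }
        boolean doubleQuoted = key.startsWith("\"") && key.endsWith("\"");
        boolean singleQuoted = key.startsWith("'") && key.endsWith("'");
        if (doubleQuoted || singleQuoted) {
            throw new IllegalArgumentException("do not wrap the key in quotes; they become part of the key");
        }
    }

    /** Hypothetical secure-store abstraction; the Data Vault API itself is not shown here. */
    public interface SecureKeyStore {
        String load(String alias);           // returns null when no key has been saved yet
        void save(String alias, String key);
    }

    /**
     * First open: create a key and persist it. Every later open: reuse the persisted key.
     * A key is never regenerated, because a lost key leaves the store permanently inaccessible.
     */
    public static String keyForStore(SecureKeyStore vault, String alias) {
        String key = vault.load(alias);
        if (key == null) {
            key = generateKey(32);
            vault.save(alias, key);
        }
        validateKey(key);
        return key;
    }
}
```

The returned value is what the application assigns to ODataOfflineStoreOptions.storeEncryptionKey before opening the store; keeping the key only in the secure store, never in preferences or source code, is what makes the encryption worth enabling.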