What is an encryption?

Data can be jumbled using encryption so that only people with the proper authorization can decipher it. Technically speaking, it’s the process of transforming legible plaintext for humans into unintelligible text or ciphertext. To put it another way, encryption modifies readable data to make it appear random. A cryptographic key, a collection of agreed-upon mathematical values by the sender and the recipient of an encrypted communication is necessary for encryption.

Realm Encryption

To prevent data, you store on disk from being read by anyone other than the application, you can hide your realms. For the realm encryption key, do not use cryptographically weak hashes. To best protect, it is recommended that realm encryption key be generated on a random basis. To encrypt the realm file to disk using AES256 + SHA2 encryption, you provide a 64-bit key when it opens. Realm domain straightforwardly encodes and decodes information with standard AES-256 encryption, utilizing the initial 256 pieces of the given 512-bit encryption key.

Realm domain utilizes the other 256 pieces of the 512-bit encryption key to approve respectability utilizing a hash-based message confirmation code (HMAC).



When encrypting a realm, keep the following important effects in mind.

  • Reusing and Storing Keys
  • Performance Influence
  • Atlas Device Sync and Encryption

Reusing and Storing Keys

Each time you open the encrypted realm, you have to pass the same realm encryption key. The Realm SDK raises an error if you specify the incorrect key or don’t supply a key at all for an encrypted realm.

To prevent key leaking, applications should keep the realm encryption key safely. Usually, this is done in the target platform’s secure key/value storage. For easier access to underlying storage, you may utilise Xamarin Secure Storage or MAUI Secure Storage, for instance. In the end, the developer has the obligation of making sure that the key is inaccessible to attackers.

Performance Influence

Encrypted realm reads and writes can be up to 10% slower than unencrypted realms. Because full disc encryption encrypts and decrypts data continuously, it may have a detrimental impact on system performance. Limited flexibility: Sharing possibilities for non-sensitive data on the drive may be limited since all files are protected using full disc encryption.

Note: You have to provide the same realm encryption key each time you get a Realm instance. When you run GetInstance on an encrypted Realm, you will receive a RealmFileAccessErrorException if you don’t supply a key or if you submit the incorrect key.

Atlas Device Sync and Encryption

A synchronized realm is encryptable. Data synchronization between client apps and an Atlas App Services backend is automatically accomplished via Atlas Device Sync. Sync asynchronously synchronizes data in a background thread between a client device and your backend application while the device is online.

You may use an OAuth provider (like MAUI.Auth and Xamarin.Auth) or one of the MongoDB realm Authentication providers and an Authentication Trigger to produce 64-bit keys that can be stored in user objects if you require separate keys for each user of your application.

The following codes demonstrates how to generate an encryption key and open an encrypted realm:

Realm Encryption key

Open an encrypted realm


Threats to cybersecurity aren’t going away. The volume of cyberattacks and the sophisticated methods used to obtain information have increased yearly.

Businesses must use encryption to safeguard systems and data. It’s among the best solutions for preventing unwanted people from accessing sensitive data. These above techniques ensure that even if hackers gain access to your system data, they won’t be able to see, read, or do anything with it. Without the encryption key, the data will continue to be unreadable.

A S Amshula
Software Engineer

Ready to get started?

Contact us Close