We’re pleased to announce SQLCipher 4.8.0, which is a minor update that builds on the recent 4.7.0 release and incorporates several incremental fixes and improvements.

Important Note: Applications upgrading from versions of SQLCipher 4.6.1 or earlier should be aware that this version of SQLCipher incorporates several potential breaking changes from SQLCipher 4.7.0. Please carefully review the 4.7.0 release notes before upgrading.

SQLCipher Core

The following changes are included in SQLCipher core:

• Fixes regression in PRAGMA cipher_migrate which would raise an error when migrate was called on a current version database (i.e. migration was not necessary). This restores the old behavior where the spurious operation would be ignored.
• Improves selective locking for shared cache mode connections (note: use of shared cache is strongly discouraged)
• Reduces initial memory allocation requirement for private heap
• Add tracking and debug logging of private heap usage statistics
• Removes invasive changes to process working set size on Windows
• sqlcipher-android allows custom logging targets via the Logger class (uses logcat for compatibility by default)

Commercial and Enterprise Editions

The following changes are included in noted SQLCipher Commercial or Enterprise packages:

• Updates .NET references to Microsoft.EntityFrameworkCore.Sqlite.Core and Microsoft.Data.Sqlite.Core references to 9.0.4 to eliminate NuGet vulnerability warnings related to earlier version’s dependencies on System.Text.Json.
• Allows reference WinUI project to automatically use SQLCipher Windows .NET FIPS packages when present
• Removes the now unnecessary slf4j-api dependency from the SQLCipher for JDBC example project
• Improves the SQLCipher for Linux FIPS examples related to ARM 32-bit builds
• Improves the SQLCipher for Linux examples for multi-architecture compilation

Upgrading and Availability

SQLCipher 4.8.0 is available for download now. We strongly recommend testing your applications thoroughly with the new version before deploying to production.

Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active CipherCare support subscription from the Customer Downloads fulfillment site. Subscribers will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team. Commercial and Enterprise edition upgrades require a new license code from the SQLCipher fulfillment site for each version. Don’t forget to change the license code in your application(s) when you upgrade.

Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and CocoaPods for iOS.

For feedback and questions, please visit our Community Forum or private support channels.

We’re pleased to announce SQLCipher 4.7.0, which updates the baseline to SQLite 3.49.1 and includes several major improvements to memory management, library initialization, and cryptographic operations. This release represents the largest set of improvements since SQLCipher 4 and it should prove to be much faster and more efficient for most integrating applications.

Core Improvements and Breaking Changes

The new version of SQLCipher incorporates a major build system change introduced by upstream SQLite’s transition to use autosetup in version 3.48.0. This restructuring required corresponding changes to SQLCipher that substantially diverge from the historical build process. This resulted in several “breaking changes” to build flags and file output naming. We’ve taken advantage of this opportunity to introduce additional optimizations and security enhancements that also required major changes.

Since these changes mainly affect the library and executable build steps, they should primary affect integrators that are building from source (i.e. the Open Source Community Edition of SQLCipher). We have worked hard to minimize impact for Commercial and Enterprise customers; our official packages abstract away most of the underlying build system changes.

One notable inherited change from SQLite could affect all SQLCipher packages: the behavior of SELECT statements on encrypted databases prior to keying. SQLCipher’s documentation has always stated that applications should provide a key to the database via sqlite3_key(), sqlite3_key_v2(), or PRAGMA key as the first operation on a database connection. However, in previous versions of SQLCipher, it was technically possible to invoke schema-less statements (those that would not read from the database, e.g. SELECT 1) prior to keying. That is no longer possible in this release. Applications now MUST set the key prior to executing these types of statements as they do read the database file. This new requirement stems from a change to SQLite’s internal query parsing logic. Note that this change should not affect well-behaved applications that previously adhered to SQLCipher integration guidelines, but it still presents potential as a breaking change in some limited cases.

The following summarizes the breaking changes required for alignment with upstream SQLite and other improvements:

All packages:

• SELECT statements (including schema independent queries like SELECT 1) cannot be executed prior to setting the database key on encrypted database

Build system only:

• Renamed configure flag --enable-tempstore=yes to --with-tempstore=yes for alignment with SQLite
• Renamed default executable and library build outputs from sqlcipher and libsqlcipher to sqlite3 and libsqlite3
• Removed configure flag --with-crypto-lib (replace with appropriate -DSQLCIPHER_CRYPTO_* CFLAG)
• Required defining SQLITE_EXTRA_INIT=sqlcipher_extra_init and SQLITE_EXTRA_SHUTDOWN=sqlcipher_extra_shutdown at compile time
• Enforced thread safe mode (i.e. SQLITE_THREADSAFE of 1 or 2) and temporary storage (i.e. SQLITE_TEMP_STORE of 2 or 3) settings at compile time

This release also includes a substantial change to the library initialization and cleanup to reduce overhead and improve performance. As part of this change, SQLCipher now allocates most required memory at startup. This approach is more efficient, improves memory locking on constrained platforms while reducing memory fragmentation. It should reduce or eliminate mlock and VirtualLock warnings on Android and Windows respectively.

Additional core changes and improvements include:

• Fast random overwrite of freed memory segments
• Dynamic on-demand generation of keyspecs
• Expanded keyspec/raw key format to accept key, HMAC key, and salt values
• Basic obfuscation of context key material
• Expanded sqlcipher_provider interface with init and shutdown functions
• Support for .recover shell command on corrupt databases with a full plaintext first page
• Improved error handling in sqlcipher_export() and PRAGMA cipher_migrate
• Custom compile-time default cryptographic provider via the SQLCIPHER_CRYPTO_CUSTOM macro
• Removed support for OpenSSL versions older than 3.0

SQLCipher for Android

SQLCipher for Android includes two major library changes:

1. A new Cursor Window implementation makes fetching data much faster by avoiding round trips through Java and JNI layers. It also makes more efficient use of memory for objects of different sizes.
2. Adjustments to connection pool initialization during startup improves first-statement execution time for WAL-based Room databases by using the primary connection first and deferring pool expansion until it is strictly required.

Applications using SQLCipher for Android can expect to see measurable performance improvements with this upgrade, as evidenced by the following benchmarks:

UPDATE 2025-03-31: A 4.7.2 patch release is now available for the following: SQLCipher for Android (All Editions), SQLCipher for Android FIPS (Enterprise), and SQLCipher for React Native (Enterprise). It fixes two unpredictable defects in SQLCipher for Android 4.7.0’s new Cursor Window implementation that could cause a crash when a large query result set triggers a window resize with a fragmented heap. Applications using affected 4.7.0 packages should upgrade. Earlier versions of SQLCipher for Android below 4.7.0 are unaffected.

Commercial and Enterprise Editions

Most notably, the new version of SQLCipher Commercial and Enterprise packages include a massive performance improvement for multi-connection workloads. Applications with connection-heavy use cases that use multiple database handles to the same databases can expect to see a 100%+ speedup when establishing new connections. This can greatly enhance throughput for applications, especially with numerous concurrent connections or when using connection pools (e.g. on Java, Android, ADO.NET, EntityFrameworkCore, etc). These performance improvements are exclusive to Commercial and Enterprise builds.

For example, the following benchmarks show single and multi-threaded scenarios between 4.6.1 and 4.7.0, where each test executes 100 iterations, split up across threads, using a mixed set of operations. Numbers in parentheses reflect the number of threads and iterations per thread. While these were measured using EntityFrameworkCore in .NET, similar performance improvements are seen across all 4.7.0 packages.

In addition to the speed boost, there are a number of other improvements available solely to Commercial and Enterprise:

• ARM64 support in Windows FIPS packages
• ARM and ARM64 Linux FIPS packages
• Support for 16K page sizes in the Android FIPS package
• Updated Linux FIPS build for glibc 2.28 compatibility
• Support for code signing and embedded app bundles in macOS FIPS packages
• Improved error handling for FIPS module initialization
• Updated FIPS package cryptographic provider versions
• Excluded cryptographic symbols in the exposed API from libraries
• Modernized Android example project
• Updated System.Data.SQLite to version 1.0.119.0
• Changed .NET RIDs from win10 to win for improved compatibility
• Updated NuGet package dependencies to SQLitePCLRaw 2.1.11
• Enabled URI Filename processing
• Added WinUI sample project for .NET and removal of deprecated / legacy sample project
• Updated OpenSSL packages to 3.0.16 LTS
• Improved sample projects for .NET Microsoft.Data.Sqlite and EntityFramework Core

Important Note: Official SQLCipher packages shield customers from most of the breaking changes in the community edition, but there are two changes that customers must be aware of:

• Commercial and Enterprise edition upgrades now require a new license code from the SQLCipher fulfillment site for each version release. Going forward, when you upgrade your SQLCipher package, you should also update the license code in your application.
• As noted above, SELECT statements (including schema independent queries like SELECT 1) should not be executed on encrypted databases prior to setting the database key

Upgrading and Availability

SQLCipher 4.7.0 is available for download now. Due to the potentially breaking changes, we recommend testing your applications thoroughly with the new version before deploying to production.

Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active CipherCare support subscription from the Customer Downloads fulfillment site. Subscribers will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team. Don’t forget to update your license code with this upgrade.

Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and CocoaPods for iOS.

For feedback and questions, please visit our Community Forum or private support channels.

We are excited to announce the availability of Codebook for Windows 5.2.3 which includes support for Windows Hello biometric authentication. This feature can be used to log in to Codebook quickly using fingerprint, face, or PIN authentication.

To enable authentication with Windows Hello:

• Launch Codebook for Windows and log in
• Go to File menu -> Preferences -> General
• Check the “Enable Windows Hello” checkbox

For more information:

• Codebook help for Windows Hello
• Microsoft help for Windows Hello

Additionally, this release of Codebook for Windows improves the user interface when using Windows High-contrast themes for improved accessibility. Users who benefit from high-contrast display can use this accessbility feature to get the most out of Codebook as well.

Please feel free to reach out to support@zetetic.net if you have any questions or concerns, we always appreciate hearing from our customers.

We are happy to announce the availability of Codebook for Windows 5.1.3 which brings localization to the application, now with support for the following languages:

Codebook for Windows will select the localization based on the operating system configuration automatically. You may adjust this within Windows Settings > Time & language > Language & region > Windows display language.

Additionally, if you prefer Codebook to display in language which differs from your operating system configuration, create a JSON file named codebook.config within the %APPDATA%\Zetetic LLC\Strip directory containing a culture element with a culture identifier from the table above. The example below would force Codebook for Windows to use German localization:

{
  "culture": "de-DE",
}

This Windows release brings our localization support into parity with Codebook on Android, iOS, and macOS. As Codebook users are all over the globe, we hope this addition makes the application feel more at home for everyone. Please feel free to reach out to support@zetetic.net if you have any questions or concerns, we always appreciate hearing from our customers.

Today we are proud to announce the launch of Codebook Cloud and Codebook 5!

Codebook Cloud is an automatic sync service for Codebook Password Manager, built and run by Zetetic.

While Codebook supports a few different sync services, Codebook Cloud is the best way to keep your passwords and other secure data in sync across all of your devices:

• It’s automatic
• It’s instantaneous
• It’s available anywhere with an Internet connection

Once you turn on Codebook Cloud, any changes you make to your data will be available immediately on all your devices. You will always have up-to-date passwords and other login credentials available to you from any network.

Subscription Pricing

Codebook Cloud is free to try for one month, with a subscription. Existing customers who previously paid for Codebook prior to version 5 will find they are entitled to a special offer on their subscription, six months of free service. Upgrade to Codebook 5 and purchase your subscription in the app to get this special offer.

Upgrading

Codebook 5 is a free upgrade. Instructions for updating Codebook are available.

Note: You must upgrade all your devices to continue using sync! Codebook 5 will not sync with prior versions of Codebook.

Please be sure to review the updated minimum supported operating systems in Codebook 5 before you upgrade. If you cannot upgrade to Codebook 5 on one of your devices, you may wish to turn off automatic updates on your Android and iOS devices so that you can continue using the sync feature until you are able to upgrade your operating system.

When you upgrade to Codebook 5, Codebook Cloud will not be turned on automatically—we would never upload your data to our service without your permission! Codebook 5 will prompt you to try out the service, but that’s entirely up to you. Turning on Codebook Cloud sync requires creating an account and choosing a subscription plan.

Questions About Codebook Cloud?

If you have questions regarding the particulars of how Codebook Cloud works, security measures we’ve taken, or just want to inquire about the existing sync services (they are all still supported in Codebook 5), please take a look at the FAQ we’ve prepared!

If you have any other questions, or feedback about Codebook 5 and Codebook Cloud, please send an email to our support team, or write a post on our discussion forum.

New Welcome Screen

When you launch Codebook 5 on a new device (i.e. you do a fresh install), you’ll notice that there’s a brand new first-time setup screen.

This Welcome view is designed to do a couple of things:

• Encourage new users to set up a Codebook Cloud account
• Make it easier for current users of Codebook to get set up on a new device

For existing users it does this by letting you scan your Sync Key from another device right away. That will import your Sync Key and set your Master Password all in one shot. And if you also happen to be a Codebook Cloud user, it will set that up, too!

Sync Bugs Fixed

Over the last couple of years while we worked on the automatic sync feature in Codebook 5, which is built on top of some of Codebook’s core sync functionality, we uncovered and fixed some edge-case bugs that we believe have troubled a few customers over the years. Even if Codebook Cloud sync isn’t for you and you prefer to stick with your current sync service, you’re going to want to use the updated sync feature in Codebook 5.

Sync Key Backup Options - Encrypted Sync Key Files

Making sure that customers have a backup of their Sync Key is an important goal of ours. The main reason being that there are many customers out there with Codebook on just one device, but their data synced out to one of the cloud services. If they lose that one device or it is destroyed, they can restore their Codebook data onto a new device, but only if they have their Sync Key backed up somewhere!

To that end we’ve done a couple of things in Codebook 5. The “Backup Your Sync Key” view in each of the apps has gotten a bit simpler. It has less, more direct informational text, fewer options, and is hopefully easier to understand.

And you’ll notice there is a new option in the list there, Save As File! This option allows you to backup your Sync Key to a file in a safe way. The resulting .synckey file contains an encrypted version of your Sync Key, protected by your Master Password. Sync Key files are a type of text file, so you can examine the contents yourself in a text editor.

Note: A backup of your Sync Key to a file is only going to help you in the event of device loss if you still have a copy of it. Be sure to copy this file somewhere else for access later in the event you need to recover your data via sync.

Improved Translation Support

For some time now Codebook has supported translations (on Android, iOS, and macOS) in six languages:

• Chinese
• French
• German
• Italian
• Japanese
• Spanish

However, that support was fairly inconsistent—there were many untranslated bits of text throughout the apps, and sometimes the more complicated displays tended to garble formatting and substitutions of numerical and date values.

In Codebook 5 (on Android, iOS, and macOS), we have been aiming to change that. For the past two years we have put an incredible amount of time into tracking down untranslated text and bad formatting, and ensuring all updates to display text and new strings introduced for our new features are properly translated going forward. This is thousands upon thousands of lines code and translation!

That doesn’t mean we’ve gotten everything correct, and we want to return to the topic in Codebook for Windows where translations are not yet supported. In the meantime, if you see anything that’s amiss, please let us know and we’ll fix it up.