SQLCipher 4.0.1 Release

2018-12-18 07:00:00 -0500

SQLCipher 4.0.1 is now available. This update to SQLCipher 4 includes several very important changes:

  • Based on upstream SQLite 3.26.0, which addresses the SQLite “Magellan” vulnerability
  • Adds PRAGMA cipher_compatibility and PRAGMA cipher_default_compatibility which simplify configuration of appropriate compatibility settings for different major SQLCipher versions
  • Filters out ATTACH statements which contain KEY parameters from readline history when using the command line shell
  • Fixes a crash in the command line shell when it is provided empty input (e.g. ^D)
  • Fixes various compiler warnings related to strict-prototypes

The Magellan Vulnerability

The SQLite Magellan issue is a remote code execution vulnerability. Discovered by Tencent Blade Team, this problem can potentially affect applications that use SQLite versions prior to 3.26.0. By extension, because SQLCipher is based on SQLite, this issue can also affect applications that use SQLCipher versions prior to this release of 4.0.1.

The scope of the vulnerability is such that it could be used to exploit applications that:

  1. Allow a potential attacker to execute arbitrary SQL; or
  2. Open untrusted databases (i.e. that could be specifically corrupted by an attacker)

Due to the potential severity of this issue, we strongly recommend that all applications upgrade to SQLCipher 4.0.1, especially if they meet the aforementioned criteria.

Compatibility

As with the recent SQLCipher 4.0.0 release, 4.0.1 contains changes that are not directly compatible with SQLCipher 3.x (or lower). These provide a much higher level of security than previous versions of SQLCipher; however, SQLCipher 4.x will not open older databases by default (i.e. those created by SQLCipher 3.x or lower). To enable backwards-compatibility, applications can easily adjust settings at runtime or migrate older databases:

  • To migrate and upgrade an existing database in place (preserving data and schema) to use the new default settings, use PRAGMA cipher_migrate.
  • To open an older database use the compatibility PRAGMAs to adjust settings back to their previous values. For example, to open a SQLCipher 3 database using SQLCipher 4, use the following statement after opening and keying the database: PRAGMA cipher_compatibility = 3;.
  • To attach and export data to a new database with fine-grained control, use the sqlcipher_export() convenience function.

Please review this additional guidance for detailed upgrade and migration scenarios. We have also published a migration guide for Commercial and Enterprise customers upgrading to SQLCipher 4.x using the SQLite-net API.

Availability

Commercial Edition - On-demand access to new releases of SQLCipher Commercial Edition is available to licensees with an active CipherCare subscription, along with private, prioritized support directly from Zetetic. CipherCare subscribers will receive a separate email notification regarding the update and can contact us to request the latest SQLCipher distribution and applicable software license codes.

SQLCipher Enterprise Program - Enterprise Program Subscription customers will receive a separate email notification about the release, and the latest SQLCipher packages and license codes will be provided directly via your organization’s private online software delivery share.

Community Edition - SQLCipher 4.0.1 in source format is directly available on GitHub. The Community Edition of SQLCipher for Android is available via AAR packaging. The Community Edition of SQLCipher for iOS can be compiled from source or using CocoaPods.

SQLCipher 4.0.0 Release

2018-11-30 07:00:00 -0500

We are incredibly excited to announce the much anticipated release of SQLCipher 4. This is a major update that includes new features, improvements, and fixes. Here are some of the most important highlights:

  • PBKDF2-HMAC-SHA512 is the new KDF algorithm
  • HMAC-SHA512 is now used for per-page HMACs
  • The default database page size has been increased to 4096 bytes
  • KDF iteration count has been increased to 256,000
  • Improved memory sanitization features
  • Significant performance improvements for common use cases on platforms including iOS, Android, and Windows
  • New baseline on upstream 3.25.2 enabling many new SQLite features
  • Completely revamped client API support for .NET based platforms including sqlite-net, Entity Framework, and Microsoft ADO.NET

The full list of changes in the release can be found below. Note that changes indicated by a * are high impact and will affect compatibility with prior versions of SQLCipher!

SQLCipher Core

  • Default page size for databases increased to 4096 bytes (up from 1024) *
  • Default PBKDF2 iterations increased to 256,000 (up from 64,000) *
  • Default KDF algorithm is now PBKDF2-HMAC-SHA512 (from PBKDF2-HMAC-SHA1) *
  • Default HMAC algorithm is now HMAC-SHA512 (from HMAC-SHA1) *
  • PRAGMA cipher is now disabled and no longer supported (after multi-year deprecation) *
  • PRAGMA rekey_cipher is now disabled and no longer supported *
  • PRAGMA rekey_kdf_iter is now disabled and no longer supported *
  • By default, all memory allocated internally by SQLite is wiped before it is freed
  • PRAGMA cipher_memory_security: allows full memory wiping to be disabled for performance when the feature is not required
  • PRAGMA cipher_kdf_algorithm, cipher_default_kdf_algorithm to control KDF algorithm selection between PBKDF2-HMAC-SHA1, PBKDF2-HMAC-SHA256 and PBKDF2-HMAC-SHA512
  • PRAGMA cipher_hmac_algorithm, cipher_default_hmac_algorithm to control HMAC algorithm selection between HMAC-SHA1, HMAC-SHA256 and HMAC-SHA512
  • Based on upstream SQLite 3.25.2
  • When compiled with readline support, PRAGMA key and rekey lines will no longer be saved to history
  • Adds second optional parameter to sqlcipher_export to specify source database to support bidirectional exports
  • Fixes compatibility with LibreSSL 2.7.0+
  • Fixes compatibility with OpenSSL 1.1.x
  • Simplified and improved performance for PRAGMA cipher_migrate when migrating older database versions
  • Refactoring of SQLCipher tests into separate files by test type
  • PRAGMA cipher_plaintext_header_size and cipher_default_plaintext_header_size: allocates a portion of the database header which will not be encrypted to allow identification as a SQLite database
  • PRAGMA cipher_salt: retrieve or set the salt value for the database
  • Adds Podspec for using tagged versions of SQLCipher
  • Define SQLCIPHER_PROFILE_USE_FOPEN for WinXP support
  • Improved error handling for cryptographic providers
  • Improved memory handling for PRAGMA commands that return values
  • Improved version reporting to assist with identification of distribution
  • Major rewrite and simplification of internal codec and pager extension
  • Fixes compilation with --disable-amalgamation
  • Removes sqlcipher.xcodeproj build support

SQLCipher for Android

  • Substantial improvements to cursor access performance due to new loading heuristics
  • Define custom cursor allocation sizes for paging query results, including initial, growth size, and maximum memory allocations
  • Option to disable loading heuristic via setFillWindowForwardOnly on SQLiteCursor instance
  • JNI CursorWindow caching of chunk pointer offsets to minimize linked list traversal
  • Query total data size, and largest individual row in bytes based on provided query
  • WAL mode API to enable, disable, and check if enabled
  • Add API to get list of attached databases
  • Add API to perform integrity check of the database
  • Add API to enable, or disable foreign key constraints
  • Improvements to begin transactions to allow for immediate and exclusive modes
  • SQLiteOpenHelper supports onConfigure and onDowngrade callbacks
  • SQLiteOpenHelper exposes the database name, and current WAL mode
  • Improve exceptions thrown within JNI layer
  • SQLCipher for Android target SDK set to 26
  • Add support for AboutLibraries

SQLCipher for iOS

  • To allow the use of WAL mode databases in shared containers use PRAGMA cipher_plaintext_header_size and cipher_default_plaintext_header_size to allocate a portion of the database header which will not be encrypted to allow identification as a SQLite database.
  • Major (2x or more) performance improvements with hardware acceleration on 4K page size databases
  • Removes support for sqlcipher.xcodeproj integration method for Community Edition *

SQLCipher for .NET, Xamarin, and Windows

  • Client APIs now support a new sqlite-net compatible package based on the official praeclarum/sqlite-net library (was previously based on SQLite.Net-PCL) *
  • Adds support for Microsoft Entity Framework via Microsoft.EntityFrameworkCore.Sqlite.Core 2.x
  • Adds support for Microsoft’s ADO.NET implementation via Microsoft.Data.Sqlite.Core 2.x
  • Substantial performance enhancements for Windows UAP and Runtime packages (up to 50%+ improvement under certain tests)
  • Updates to all cryptographic support libraries including OpenSSL 1.1.1, OpenSSL 1.0.2p, OpenSSL FIPS 2.0.16, and LibTomCrypt 1.18.2
  • Windows Phone is no longer supported due to the product end of life

Note: .NET, Windows and Xamarin packages are available exclusively via Commercial Edition packages and under the SQLCipher Enterprise Program.

Compatibility

Many of these changes provide a much higher level of security than previous versions of SQLCipher. However, the new page size of 4096, 256,000 KDF iterations, use of PBKDF2-HMAC-SHA512 and HMAC-SHA512 all modify important database settings. Thus, SQLCipher 4 will not open older databases by default. As always, we have updated our migration feature to streamline the upgrade process. To enable backwards-compatibility, it is possible to adjust settings at runtime or migrate older databases:

  • To migrate and upgrade an existing database in place (preserving data and schema) to use the new default settings, use PRAGMA cipher_migrate.
  • To open an older database, use pragmas to adjust settings back to their previous values. For example, to open a SQLCipher 3 database using SQLCipher 4, you could use the following statements after opening and keying the database: PRAGMA cipher_page_size = 1024; PRAGMA kdf_iter = 64000; PRAGMA cipher_hmac_algorithm = HMAC_SHA1; PRAGMA cipher_kdf_algorithm = PBKDF2_HMAC_SHA1;
  • To attach and export data to a new database, use the sqlcipher_export() convenience function. This would let you control migration using very specific or custom settings.
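The three paths described in both Compatibility sections above (the 4.0.1 shorthand PRAGMA cipher_compatibility, the four explicit settings 4.0.0 required, PRAGMA cipher_migrate, and sqlcipher_export()), written out as separate sqlcipher shell sessions. This is an added example, not code from the Zetetic posts; it assumes a SQLCipher 4.0.1 build, and the file names and passphrase are constructed placeholders.

```sql
-- Added example (not from the release notes). Each session below is a fresh
-- connection opened as:  sqlcipher legacy_v3.db
-- PRAGMA key must be the first statement in every session; the cipher_* and
-- migrate PRAGMAs only take effect after keying and before any other access.

-- Session 1: confirm the build before relying on it. cipher_version should
-- report 4.0.1 or later and sqlite_version() 3.26.0 or later (Magellan fix).
PRAGMA key = 'example-passphrase';
PRAGMA cipher_version;
SELECT sqlite_version();

-- Session 2: open the old file as-is, leaving the on-disk format unchanged.
-- cipher_compatibility = 3 (new in 4.0.1) is shorthand for the four explicit
-- settings listed in the comment; use one form or the other, not both.
PRAGMA key = 'example-passphrase';
PRAGMA cipher_compatibility = 3;
--   Equivalent long form on 4.0.0:
--   PRAGMA cipher_page_size = 1024;
--   PRAGMA kdf_iter = 64000;
--   PRAGMA cipher_hmac_algorithm = HMAC_SHA1;
--   PRAGMA cipher_kdf_algorithm = PBKDF2_HMAC_SHA1;
SELECT count(*) FROM sqlite_master;   -- errors out unless key and settings match the file

-- Session 3: upgrade the file in place to the 4.x defaults (4096-byte pages,
-- 256,000 PBKDF2-HMAC-SHA512 iterations, HMAC-SHA512). Run on a fresh
-- connection with no compatibility PRAGMAs set; the result row is 0 on success.
PRAGMA key = 'example-passphrase';
PRAGMA cipher_migrate;
PRAGMA integrity_check;               -- expect a single row: ok

-- Session 4: export into a brand-new 4.x file instead of touching the original.
-- The attached database is created with the connection's default settings
-- (the 4.x defaults here), while the main database is read with v3 settings.
PRAGMA key = 'example-passphrase';
PRAGMA cipher_compatibility = 3;      -- needed so the v3 source can be read
ATTACH DATABASE 'upgraded_v4.db' AS upgraded KEY 'example-passphrase';
SELECT sqlcipher_export('upgraded');  -- copies schema and data into the attached db
DETACH DATABASE upgraded;
```

Sessions 3 and 4 both leave the passphrase in the shell's readline history unless you are on 4.0.1 or later, which filters PRAGMA key/rekey and ATTACH ... KEY lines out of it.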

Availability

Commercial Edition - On-demand access to new releases of SQLCipher Commercial Edition is available to licensees with an active CipherCare subscription, along with private, prioritized support directly from Zetetic. CipherCare subscribers will receive a separate email notification regarding the update and can contact us to request the latest SQLCipher distribution and applicable software license codes.

SQLCipher Enterprise Program - Enterprise Program Subscription customers will receive a separate email notification about the release, and the latest SQLCipher packages and license codes will be provided directly via your organization’s private online software delivery share.

Community Edition - SQLCipher 4.0.0 in source format is directly available on GitHub. The Community Edition of SQLCipher for Android is available via AAR packaging. The Community Edition of SQLCipher for iOS can be compiled from source or using CocoaPods.

Additional Details

Over the coming weeks we will be posting more detailed blog posts that elaborate on specific features and improvements that have been made with the latest SQLCipher release.

Codebook Free Trials Replaces Codebook Lite

2018-11-01 08:00:00 -0400

Codebook Lite was originally introduced alongside Codebook to allow users a free option to try Codebook for iOS before they purchased. Now with the release of Codebook 3.6.0 we’ve introduced a 14-Day Free Trial option within Codebook. Because this functionality is now built into Codebook, we’re planning on discontinuing Codebook Lite development, so we can focus all our ongoing efforts on standard Codebook.

Similarly, standard Codebook has been a universal app (which works on both iPhone and iPad) now for a while and we’ve been phasing out Codebook for iPad (Legacy) for about a year, so we’re planning on pulling the plug at the same time as Codebook Lite.

Codebook Lite and Codebook for iPad Legacy will be fully removed from the App Store on January 1st, 2019. Please make sure to migrate your data to Codebook prior to this date or data loss could occur.

Migration Steps

Codebook Lite

Codebook for iPad Legacy

  1. Download the Codebook universal app
  2. Use the Codebook sync feature to sync your data from Codebook for iPad Legacy to a cloud service or a Desktop copy of Codebook.
  3. During the setup process for Codebook, you’ll be given the opportunity to use the sync feature to restore from the service or Desktop you synced with in step 2
  4. Once you’ve verified the data from Codebook for iPad legacy synced over to the new Codebook for iOS installation, feel free to delete the Codebook for iPad Legacy app

Codebook Password AutoFill and Free Trials on iOS

2018-09-18 20:00:00 -0400

Big news, folks! Codebook for iOS version 3.6.0 is available now in the App Store with support for the AutoFill Passwords feature in iOS 12. Here’s a quick demo video we made to show you how it works.

This feature requires iOS 12; if you can’t upgrade your version of iOS just yet check out Find in Codebook, which is quite similar if not as convenient.

Another big change in this version is that we are making Codebook free to download. Don’t freak out, we are not switching to a “freemium” model! Instead, Codebook will be free to try before you buy, and everyone who’s already bought the app is grandfathered in.

Until now Codebook for iOS has been available for an up-front, one-time purchase of $9.99. Starting with version 3.6.0, we’ll be making the app free to download, and free to use for two weeks, after which an In-App Purchase of Codebook Pro is required to unlock the editing and sync capabilities. Codebook Pro is a one-time purchase of $9.99; additional purchases are not required to use it with more than one device as long as you are using the same Apple ID in the App Store.

If you purchased Codebook for iOS before version 3.6.0, you are exempt from our use of In-App Purchases, because you paid up-front for the app, sight unseen, cash on the barrel, without even being able to try it first! We remain deeply grateful for your support. You will not be prompted to make an In-App Purchase, but you can see your grandfathered license status on the Settings view.

There are a few other minor changes to round out this release posted over on our discussion forum. Drop on by and let us know what you think!

Codebook Search Scopes

2018-04-24 11:00:00 -0400

The recent releases of Codebook for Windows and Codebook for macOS include a new search scope feature. Previously, searching within Codebook compared the search value against Entry names and Field values, which works great if you’re quickly trying to locate a record or specific data (e.g. Amazon, Chase Visa, records with a specific email address, etc.).

We’ve run into situations ourselves and had users ask about searching over specific Label names as well (e.g. any record that has a “Password” label or an “Email” label). Some common usage scenarios we’ve come across related to this are:

  1. Your bank issues you a new card and you need to replace all records that contain the old credit card number (Search over “Credit Card” Label).
  2. You’re searching for data whose value you may not know but whose label name you do (e.g. SSN, Bank Account #, License keys, Secret Question)

Codebook Search Scope from Zetetic on Vimeo.

The search scope feature also allows you to search over just Entry names or just Field values (without having to search over both). For example, suppose you have an Entry named “Mike Gmail Account”, but many other entries have email field values that contain your email address “mikemalibu@zetetic.net”. If you search for “mike”, every entry that contains your email is returned, along with the one you’re actually looking for, “Mike Gmail Account”. If you only check “Entries” under search scope, the search only matches entries that contain “mike” in the entry name.