Today we are proud to announce the launch of Codebook Cloud and Codebook 5!
Codebook Cloud is an automatic sync service for Codebook Password Manager, built and run by Zetetic.
While Codebook supports a few different sync services, Codebook Cloud is the best way to keep your passwords and other secure data in sync across all of your devices:
- It’s automatic
- It’s instantaneous
- It’s available anywhere with an Internet connection
Once you turn on Codebook Cloud, any changes you make to your data will be available immediately on all your devices. You will always have up-to-date passwords and other login credentials available to you from any network.
Subscription Pricing
Codebook Cloud is free to try for one month, with a subscription. Existing customers who previously paid for Codebook prior to version 5 will find they are entitled to a special offer on their subscription, six months of free service. Upgrade to Codebook 5 and purchase your subscription in the app to get this special offer.
Upgrading
Codebook 5 is a free upgrade. Instructions for updating Codebook are available.
Note: You must upgrade all your devices to continue using sync! Codebook 5 will not sync with prior versions of Codebook.
Please be sure to review the updated minimum supported operating systems in Codebook 5 before you upgrade. If you cannot upgrade to Codebook 5 on one of your devices, you may wish to turn off automatic updates on your Android and iOS devices so that you can continue using the sync feature until you are able to upgrade your operating system.
When you upgrade to Codebook 5, Codebook Cloud will not be turned on automatically—we would never upload your data to our service without your permission! Codebook 5 will prompt you to try out the service, but that’s entirely up to you. Turning on Codebook Cloud sync requires creating an account and choosing a subscription plan.
Questions About Codebook Cloud?
If you have questions regarding the particulars of how Codebook Cloud works, security measures we’ve taken, or just want to inquire about the existing sync services (they are all still supported in Codebook 5), please take a look at the FAQ we’ve prepared!
If you have any other questions, or feedback about Codebook 5 and Codebook Cloud, please send an email to our support team, or write a post on our discussion forum.
New Welcome Screen
When you launch Codebook 5 on a new device (i.e. you do a fresh install), you’ll notice that there’s a brand new first-time setup screen.
This Welcome view is designed to do a couple of things:
- Encourage new users to set up a Codebook Cloud account
- Make it easier for current users of Codebook to get set up on a new device
For existing users it does this by letting you scan your Sync Key from another device right away. That will import your Sync Key and set your Master Password all in one shot. And if you also happen to be a Codebook Cloud user, it will set that up, too!
Sync Bugs Fixed
Over the last couple of years while we worked on the automatic sync feature in Codebook 5, which is built on top of some of Codebook’s core sync functionality, we uncovered and fixed some edge-case bugs that we believe have troubled a few customers over the years. Even if Codebook Cloud sync isn’t for you and you prefer to stick with your current sync service, you’re going to want to use the updated sync feature in Codebook 5.
Sync Key Backup Options - Encrypted Sync Key Files
Making sure that customers have a backup of their Sync Key is an important goal of ours. The main reason being that there are many customers out there with Codebook on just one device, but their data synced out to one of the cloud services. If they lose that one device or it is destroyed, they can restore their Codebook data onto a new device, but only if they have their Sync Key backed up somewhere!
To that end we’ve done a couple of things in Codebook 5. The “Backup Your Sync Key” view in each of the apps has gotten a bit simpler. It has less, more direct informational text, fewer options, and is hopefully easier to understand.
And you’ll notice there is a new option in the list there, Save As File! This option allows you to backup your Sync Key to a file in a safe way. The resulting .synckey file contains an encrypted version of your Sync Key, protected by your Master Password. Sync Key files are a type of text file, so you can examine the contents yourself in a text editor.
Note: A backup of your Sync Key to a file is only going to help you in the event of device loss if you still have a copy of it. Be sure to copy this file somewhere else for access later in the event you need to recover your data via sync.
Improved Translation Support
For some time now Codebook has supported translations (on Android, iOS, and macOS) in six languages:
- Chinese
- French
- German
- Italian
- Japanese
- Spanish
However, that support was fairly inconsistent—there were many untranslated bits of text throughout the apps, and sometimes the more complicated displays tended to garble formatting and substitutions of numerical and date values.
In Codebook 5 (on Android, iOS, and macOS), we have been aiming to change that. For the past two years we have put an incredible amount of time into tracking down untranslated text and bad formatting, and ensuring all updates to display text and new strings introduced for our new features are properly translated going forward. This is thousands upon thousands of lines code and translation!
That doesn’t mean we’ve gotten everything correct, and we want to return to the topic in Codebook for Windows where translations are not yet supported. In the meantime, if you see anything that’s amiss, please let us know and we’ll fix it up.
We are pleased to announce that SQLCipher 4.6.1 is now available.
Continuing with the recent improvements to SQLCipher’s logging subsystem, the new PRAGMA cipher_log_source can be used to filter log output on higher verbosity levels by specifying a log source of CORE, MEMORY, MUTEX, or PROVIDER. Applications can now tune exactly which types of messages should be logged, most useful in the context of TRACE and DEBUG level logging where the volume of log messages is very high.
In addition to the logging changes, there are a very large number of additional improvements, fixes, and updates in this release.
SQLCipher Core / Community
- Updates baseline to upstream SQLite 3.46.1
- Significant refactor to merge
crypto.h, crypto.c, and crypto_impl.c into a single sqlcipher.c source file for simplicity.
- Updates minimum working set size on Windows to increase lockable pages
- Adds new
PRAGMA cipher_log_source for filtering log output on higher verbosity levels
- Improves log output by including the log level and source prior to message
- Improves error logging in
PRAGMA cipher_migrate
- Fixes issue where log level and target would be overwritten if set prior to initialization
- Corrects Podspec license element to use specific BSD 3 Clause
- Fixes default log output to console for macOS
- SQLCipher for Android now supports binding NULL parameters
SQLCipher Commercial and Enterprise
- Adds support for ARM and ARM64 architectures in SQLCipher for Windows .NET
- Significantly improves performance of random byte generation
- Enables statement and bytecode vtab support
- Updates all reference and sample projects for .NET 8
- Updates Linux packages to be built with a more modern OS, now targeting minimum GLIBC 2.28
- Updates SQLCipher for JDBC to use sqlite-jdbc 3.46.0.1 as baseline
- Fixes SQLCipher for JDBC support for macOS on Apple Silicon (ARM64)
- Adds support for 16 KB page sizes for Android non-FIPS packages
- Fixes an issue with the macOS FIPS package when using
xcodebuild -exportArchive (contact support for details)
- Updates FIPS 140-2 validated cryptographic modules on Android, macOS, Windows, and Linux to 3.0.13b
- Updates to use sqlite-net upstream 1.9.172
- OpenSSL based non-FIPS packages use OpenSSL 3.0.14 LTS for this release
Availability
Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active support subscription from the Customer Downloads fulfillment site. Licensees will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team.
Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and CocoaPods for iOS.
We are excited to announce that SQLCipher 4.6.0 is now available.
The most substantial change in this version relates to default logging behavior. A log feature was added into SQLCipher two years ago in version 4.5.1, and has been improved upon since then, but logging was disabled by default. Starting in 4.6.0 the default configuration will emit ERROR and WARN level log messages upon initialization. Default log output is sent to logcat for Android, Console for iOS and macOS, and stderr for all other platforms.
It is our hope that this default logging will help integrating applications more quickly identify common issues (e.g. incorrect key material) and provide improved visibility of rarer error cases. Log output at the ERROR and WARN level have been carefully reviewed to ensure that sensitive data is not exposed.
Since this represents a behavioral change in SQLCipher the minor version number has been incremented. Applications that wish to suppress log output can execute the following PRAGMA statement as the first operation in a process:
PRAGMA cipher_log_level = NONE;
Additional log configuration is possible using cipher_log and cipher_log_level PRAGMAs.
In addition to the logging changes, there are a few other updates:
SQLCipher Core
- Fixes Apple Privacy Manifest by removing empty
NSPrivacyCollectedDataType from PrivacyInfo.xcprivacy
- Moves Swift support defines for podspec
user_target_xcconfig so they only apply to the consuming project using CocoaPods
- The baseline upstream SQLite remains on 3.45.3 for this release
SQLCipher Commercial and Enterprise
- Improves Android FIPS examples to enable
useLegacyPackaging and extractNativeLibs to ensure .so files are properly extracted
- Fixes an issue with FIPS packages that could lead to an initialization failure for paths containing spaces
- Fixes Apple Privacy Manifest by removing empty
NSPrivacyCollectedDataType from PrivacyInfo.xcprivacy
- Dependent packages continue to use OpenSSL 3.0.13 LTS for this release
Availability
Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active support subscription from the Customer Downloads fulfillment site. Licensees will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team.
Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and CocoaPods for iOS.
We are excited to announce that SQLCipher 4.5.7 is now available. It includes the following notable changes:
SQLCipher Core
- Updates baseline to upstream SQLite 3.45.3
- Adds “device” logging and profile target using
os_log for Apple and logcat on Android
- Updates podspec for current Xcode versions, improved Swift support, and Privacy Manifest
- Fixes issues compiling with
SQLITE_OMIT_LOG macro
- Fixes a malformed man page caused by old merge conflict
SQLCipher Commercial and Enterprise
There are a large number of enhancements to the Commercial and Enterprise packages for this release:
- Uses a new optimized SQLCipher cryptographic provider implementation with substantially improved performance (up to 10% in testing)
- iOS shared xcframeworks now come with Privacy Manifests to meet upcoming Apple requirements
- Dependent packages now use OpenSSL 3.0.13 LTS
- SQLCipher Enterprise FIPS packages now use a new FIPS 140-2 Validated Cryptographic Module (contact support for additional details and upgrade instructions)
- Updates ADO.NET framework examples to target .NET Framework 8.1, NUnit3TestAdapter 4.5 and NUnit 4
- All .NET Maui reference projects are updated to use .NET 8
- Updates SQLitePCLRaw dependencies to use 2.1.8
- Updates to sqlite-jdbc to upstream 3.45.3.0
Availability
Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active support subscription from the Customer Downloads fulfillment site. Licensees will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team.
Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and CocoaPods for iOS.
Codebook adopted early support for Google Drive as a third-party synchronization service in 2013. To minimize the level of access Codebook has to a user’s Google Drive account, we have introduced a change with our latest release which limits Codebook’s permission to access only the data files we create and upload to Google Drive.
This change will require all users who sync Codebook with Google Drive to authenticate Codebook with Google again. Codebook will remove the previous Google Drive authorization token and upon initiating a sync with Google Drive will request authorization for a more limited access scope where the files Codebook stores are located within an area called user AppData. Codebook will no longer have access to a user’s full Google Drive folder share going forward.
Previous Codebook clients utilize an API key with Google Drive scheduled to retire in 30 days, this will prevent older clients from syncing with Google Drive without an update. We recommend all users update Codebook on every platform at their earliest convenience to have access to this improved security position.