SQLCipher started out as a small "proof of concept" project to encrypt databases for one of our iPhone apps. It has grown over the past three years to become one of the most widely deployed encrypted database libraries. Today, SQLCipher has been integrated on numerous platforms including iOS, Mac OSX, Ruby, Python, Windows, ADO.NET, Java, and, with the help of the team at the Guardian Project, Android.
Today, we are pleased to announce the release of SQLCipher version 2.0. This release incorporates much of the feedback we've received since the start of the project. Most notably, SQLCipher 2.0 enables tamper resistent databases, performance improvements via custom database page sizes, and easier conversion between database formats. The detailed list of new features and security enhancements follows:
Per page HMAC - Every database page now includes a message authentication code (MAC) so that individual pages are non-malleable. This change prevents potential attackers who have write access to a database file from making subtle changes to an encrypted page to introduce errors or attempt attacks.
Custom Page Sizes - This new version introduces a new pragma, cipher_page_size, that can be used to adjust the page size for the encrypted database. This is useful for applications where a larger page size is desirable to increase performance.
Memory Locking - SQLCipher will lock heap memory used for its internal contexts and key storage, advising the OS that the memory should not be swapped out.
Pragma Improvements - Separate pragma settings can now be applied to attached databases to support different configurations (i.e. to attach a database with a different key or cipher settings).
Export - Introduction of a sqlcipher_export convenience function that mirrors the main database schema and data to an attached database. In conjunction with the previous pragma improvements, this allows migrations between encrypted / non-encrypted databases, and adjustments to various settings.
Code Reorganization - SQLCipher has been refactored to separate the SQLite codec hooks from the encryption implementation. This makes the codebase easier to understand, audit and extend.
Updated version of SQLite - Based on a newer stable upstream SQLite release, 3.7.9
Expanded test fixtures - The SQLCipher test suite has almost doubled in size as we've added coverage for even more common use cases and new features.
Over the course of the next few weeks we'll be posting more information and details on the new features. We hope you'll find SQLCipher 2.0 is even more secure and full-featured than its predecessor, while preserving the same performance characteristics and no-configuration application implementation of the original. Please check out the new version on GitHub and let us know what you think.
Zetetic LLC is a small company with a wealth of practical experience in applied security. We are the primary developers behind the SQLCipher encrypted database library, and we maintain a deep focus on Identity Management, Access Management, and Security solutions. Hundreds of organizations and millions of users trust Zetetic’s software and frameworks.