SQLCipher 2.2.0 Release

2013-06-27 12:45:57 -0400

We would like to announce the release of SQLCipher 2.2.0. The follow highlights changes included in this release:

  • Configurable crypto providers including experimental support for CommonCrypto and LibTomCrypt
  • A change to the native CursorWindow to remove usage of private android::MemoryBase
  • Renaming of generated binaries from sqlite3 to sqlcipher
  • Based on SQLite version 3.7.17

We have renamed both the library and shell from sqlite3 to sqlcipher (e.g. previously libraries which have been named libsqlite3.so are now named libsqlcipher.so, and the command line tool is now called sqlcipher instead of sqlite3). As the use of SQLCipher grows, this change will aid in isolating conflicts from system installed versions of SQLite. We have also narrowed the usage of non-static interfaces within the source. Thanks to Hans-Christoph Steiner from the Guardian Project for contributing the patches he used to prep SQLCipher for Debian.

We are also introducing configurable crypto providers in this release. OpenSSL remains the default provider, but we have included experimental support for both the Apple CommonCrypto library and the open source LibTomCrypt library.

To support this change, we have added an additional configure flag called --with-crypto-lib. Currently, you can specify one of the following values: openssl, commoncrypto, libtomcrypt, or none for amalgamation builds. If this flag is not included at configure, OpenSSL is used by default.

An example of building SQLCipher with CommonCrypto follows:

./configure --enable-load-extension --enable-tempstore=yes \
--with-crypto-lib=commoncrypto \
CFLAGS="-DSQLITE_HAS_CODEC -DSQLITE_ENABLE_FTS3" \
LDFLAGS="/System/Library/Frameworks/Security.framework/Versions/Current/Security"

Applications that are compiling in the SQLCipher amalgamation or using the Xcode project can experiment with Common Crypto support by removing the openssl-xcode sub project and link dependencies, defining SQLCIPHER_CRYPTO_CC (i.e. adding a -DSQLCIPHER_CRYPTO_CC compiler flag), and adding Security.framework to the link libraries for the project.

An example of building SQLCipher with LibTomCrypt follows:

./configure --enable-load-extension --enable-tempstore=yes \
--with-crypto-lib=libtomcrypt \
CFLAGS="-DSQLITE_HAS_CODEC -DSQLITE_ENABLE_FTS3 \
-I/Users/nparker/src/libtomcrypt-1.17/src/headers" \
LDFLAGS="-L/Users/nparker/src/libtomcrypt-1.17/ -ltomcrypt"

Please note that the LibTomCrypt implementation is still in the formative stages, and should not be used for any real production implementations at this time due to limited entropy in RNG seeding.

Following compilation, once a key has been provided to properly initialize a cipher context, you can verify which provider you are using by executing the following read-only PRAGMA:

PRAGMA cipher_provider;

Finally, this release includes a fix to the native CursorWindow that removes the usage of android::MemoryBase. This resolves an issue under an upcoming Android platform release that marks this API as private and causes a crash.

The latest source can be found here [1]. We've also prepared a binary package of SQLCipher for Android here [2]. Please take a look, try out the new library changes and give us your feedback - we welcome it! Thanks!

[1]: https://github.com/sqlcipher/sqlcipher
[2]: https://s3.amazonaws.com/sqlcipher/SQLCipher+for+Android+2.2.0.zip

blog comments powered by Disqus