SQLCipher 4.1.0 Release

2019-03-19 08:00:00 -0400

SQLCipher 4.1.0 is now available, the first minor release in the 4 series of the library. This update to SQLCipher 4.1.0 includes the following important changes to the library:

SQLCipher Core

  • Based on upstream SQLite 3.27.2 (current latest)
  • Defer reading salt from database header until key derivation is required
  • Add PRAGMA commands: cipher_settings and cipher_default_settings to query current runtime configurations
  • Disable backup API for encrypted databases
  • Deprecate the following PRAGMA commands: fast_kdf_iter, cipher_hmac_pgno, cipher_hmac_salt_mask
  • Improve sqlcipher_export routine and restore all database flags
  • Clear buffer if cipher operation fails

SQLCipher Core Details

SQLCipher now defers reading the salt from the database header until key derivation occurs. Previously, SQLCipher would read the database header when the codec was attached to determine the per database salt. Unfortunately, this could present a problem where a client library which creates multiple connections to the same database file that do not initially exist. When the first connection triggers a codec to attach, SQLCipher would attempt to read the database salt from the file, or create a salt when not present, however the salt is not written to disk at this point. Subsequently, if a secondary connection is used with the same database file, when the codec attaches and the salt value determined, a different salt value will be created if the first connection hasn’t written to disk. SQLCipher now defers determining a salt value from the database until the key derivation process occurs, this prevents the scenario above from occurring.

Two new convenience PRAGMA’s were added that target the runtime configuration settings for SQLCipher. The new PRAGMA commands cipher_settings and cipher_default_settings allow a user to read at runtime the exact configuration settings used for the current connection.

The SQLite backup API has never been supported within SQLCipher for encrypted databases due to incompatibility of the API within the context of SQLCipher. We now disable this feature when the database is encrypted. Alternatively, the sqlcipher_export(...) convenience function may be a solution for those looking for a backup of an encrypted database.

The sqlcipher_export routine has improved sourcing of table naming which addresses scenarios where the sqlite_master table are modified externally by users. The database flags are fully restored now following the completion of the export process.

Finally, we have deprecated several PRAGMA commands which will be removed in a future release of SQLCipher: fast_kdf_iter, cipher_hmac_pgno, cipher_hmac_salt_mask.

SQLCipher for Android (4.1.3)

  • Add support for keying database from byte array
  • Fix to release the lock when an exception is thrown

SQLCipher for .NET, Xamarin, and Windows

For client developers integrating with the popular sqlite-net client library, a fix is in place for those using the asynchronous variant of the library via SQLiteAsyncConnection which addresses a situation where creating a new database file may have caused an error in some situations.


Commercial Edition - On-demand access to new releases of SQLCipher Commercial Edition are available to licensees with an active CipherCare subscriber subscription, along with private, prioritized support directly from Zetetic. CipherCare subscribers will receive a separate email notification regarding the update and can contact us to request the latest SQLCipher distribution and applicable software license codes.

SQLCipher Enterprise Program - Enterprise Program Subscription customers will receive a separate email notification about the release, and the latest SQLCipher packages and license codes will be provided directly via your organization’s private online software delivery share.

Community Edition - SQLCipher 4.1.0 in source format is directly available on GitHub. The Community Edition of SQLCipher for Android (4.1.3) is available via AAR packaging. The Community Edition of SQLCipher for iOS can be compiled from source or using CocoaPods.