SQLCipher for Android 3.5.2 Release

2016-07-07 08:15:00 -0400

SQLCipher for Android 3.5.2 was just released, addressing two specific items since our recent Android N release. First, we have corrected an issue in which the UTF-16 encoded content was not translated correctly under a few specific situations. In a scenario where the underlying type affinity of the column of the database is TEXT, and numeric values were stored in that column, queries that returned that value and attempted to retrieve the value via getInt(…) or getDouble(…) would incorrectly translate the content, misrepresenting the stored value. This has been corrected, and tests have been added to the SQLCipher for Android test suite to track the correct behavior for the future.

The last change updates the C++ library support included within the native platform libraries, switching from the LLVM C++ static library to the STLport static library. This provides increased support on certain deployment scenarios specific to the armeabi platform. We have updated the SQLCipher for Android integration tutorial providing instructions for utilizing the latest binaries.
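The TEXT-affinity scenario from the first fix can be reproduced as a small regression check. This is an added example, not code from the SQLCipher for Android test suite: it uses Python's built-in sqlite3 module (plain SQLite, not SQLCipher), and `CAST` stands in for `getInt(…)` and `getDouble(…)` as an assumption.

```python
import sqlite3


def text_affinity_roundtrip(values):
    """Store numeric values in a TEXT-affinity column of a UTF-16 database
    and read each one back as text, as an integer and as a real."""
    conn = sqlite3.connect(":memory:")
    # The encoding must be chosen before the first table is created.
    conn.execute("PRAGMA encoding = 'UTF-16'")
    conn.execute("CREATE TABLE t (id INTEGER PRIMARY KEY, v TEXT)")
    conn.executemany("INSERT INTO t (v) VALUES (?)", [(v,) for v in values])
    encoding = conn.execute("PRAGMA encoding").fetchone()[0]
    rows = conn.execute(
        "SELECT typeof(v), v, CAST(v AS INTEGER), CAST(v AS REAL) "
        "FROM t ORDER BY id"
    ).fetchall()
    conn.close()
    return encoding, rows


# Constructed sample values: the numbers are bound as numerics, but the
# column's TEXT affinity makes SQLite store them as text.
SAMPLE = [42, -7, 3.5, 2147483647]

if __name__ == "__main__":
    enc, result = text_affinity_roundtrip(SAMPLE)
    print("database encoding:", enc)
    for storage, text, as_int, as_real in result:
        print(storage, repr(text), as_int, as_real)
```

Every row reports a storage class of `text`, and the integer and real conversions must still equal the numbers that were inserted (with 3.5 truncating to 3 when read as an integer).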

SQLCipher for Android Release—Android N Support

2016-06-23 08:15:00 -0400

We are happy to announce the release of SQLCipher for Android 3.5.1. This is an urgent and mandatory upgrade for applications wishing to support Android N when it is publicly released.

This release of SQLCipher for Android incorporates several major changes to facilitate operating on Android 2.1 through Android N, supporting armeabi, armeabi-v7a, and x86 platforms. The Google Android team contacted us directly, requesting many of the changes below. These changes were mandatory to make SQLCipher for Android compatible with Android N. Below is a highlight of the changes that are included with the latest release:

  1. All internal and third-party library dependencies except for OpenSSL (the crypto provider) have been removed. This includes libbinder, libandroid_runtime, libnativehelper, libcutils, libutils, and libicuc.
  2. Non-essential Google AOSP legacy provider code and supporting code has been removed
  3. The library has been converted to use native UTF-16 encoding internally instead of performing redundant on-the-fly translation
  4. Multiple related changes to the JNI layer
  5. Removal of collation sequences that are dependent on ICU or AOSP libraries

There have been some significant benefits to this effort:

  1. SQLCipher for Android is now compatible with the latest Android N Developer Preview 4 (i.e., build NPD56N)
  2. The build process has been drastically simplified and is now much easier to understand
  3. Issues with characters that fall outside of the basic multilingual plane (e.g. emoticons) have been resolved
  4. Less time is required to build the library from source
  5. Only a single native .so library is required for each platform
  6. The resulting libraries are much smaller than before (armeabi is only 1.6 MB), and no longer require a large supporting ICU database
  7. These architecture changes pave the way for future improvements like API modernization and improved x64 support

Installation

Instructions for installing the latest release of SQLCipher for Android can be found here.

If your previous usage of SQLCipher for Android was packaged as a zip archive that included 3 .so files per platform (i.e., libdatabase_sqlcipher.so, libsqlcipher_android.so, and libstlport_shared.so), you should remove all of those. Our new packaging will only include one .so file (i.e., libsqlcipher.so) for each native platform. In addition to the different native libraries, you should also remove the ICU zip file (i.e., icudt46l.zip) previously included within the assets directory of your application.

Important: This upgrade is required for all applications wishing to support Android N while using SQLCipher for Android. Without this upgrade, current installations of SQLCipher for Android will crash on Android N. We do not know the official release date of Android N; however, Google is advising application developers to update their applications for imminent release in Q3. Therefore, we strongly advise all applications to begin the upgrade and testing process immediately with this release.

SQLCipher Version Scheme

2016-06-23 08:00:00 -0400

SQLCipher core has long used the versioning scheme defined by semantic versioning; however, many of our client libraries have utilized modified schemes to define their versions. As many of the client libraries we utilize as the basis for integrating SQLCipher are open source, their version schemes have often already been defined.

Having different version schemes for our client libraries introduced confusion about whether a given library supports the file format associated with a given SQLCipher core release. We may also make changes to the upstream client library specific to SQLCipher integration and need a means of conveying that. To address this, we will utilize the X.Y.Z version scheme for both SQLCipher core and client libraries; however, we are adjusting the rules associated with the various version segments to properly align with our domain.

Modified X.Y.Z version rules for SQLCipher:

  • X will map to the major version of SQLCipher (i.e., file format compatibility)
  • Y will map to major changes in the client or core library (i.e., security fix)
  • Z will map to minor changes in the client or core library

We plan to adopt this scheme going forward as we release new and updated client libraries, with the aim of simplifying and consolidating the versioning schemes across our libraries.

Find in Codebook iOS App Extension Released

2016-06-14 05:00:00 -0400

Today we’re happy to announce the release of Codebook 3.1.0 for iPhone and iPad, featuring a new iOS App Extension, Find in Codebook, allowing you to securely look up your Codebook records from Mobile Safari and fill out forms on the web. The option is disabled by default; you need to launch the new app once and sign in to make it available. Here it is in action:

PLEASE LAUNCH CODEBOOK AND SIGN IN ONCE PRIOR TO LAUNCHING THE FIND IN CODEBOOK APP EXTENSION

Find in Codebook Demo from Zetetic on Vimeo.

Read on below for step-by-step instructions for setting up Find in Codebook.

This update also introduces an additional password generation option – Diceware. Diceware is a method of creating strong, random, yet easy to remember passphrases:

Diceware Feature Highlight

Version 3.1.0 is available now in the iOS App Store:

Enabling Find in Codebook

  • Update Codebook to 3.1.0
  • Launch Codebook once and sign in
  • Open Safari and visit a webpage
  • Tap on the Action/Share button at the bottom of the view (it looks like an arrow coming out of a box)

Share Button

  • Swipe the bottom (grey icons) row to the end and tap More

Action Extension

  • Look for Find in Codebook in the list and set the switch next to it to On

Find In Codebook Switch

  • Optionally, use the drag handle icon to move it higher up in the list
  • Tap Done

Using Find in Codebook

  • Visit a page with a login form (e.g. https://www.dropbox.com/m/login )
  • Tap on the Action/Share button

Share Button

  • Tap on Find in Codebook

Find In Codebook

  • When prompted, authenticate

Extension Authenticate

  • Tap the entry that best matches the website/URL (e.g. Dropbox)

The results list is broken up into 3 different sections:

  1. Exact Matches - match the URL exactly (e.g. https://www.dropbox.com/m/login)
  2. Host Matches - match the Host (e.g. www.dropbox.com)
  3. Suggestions - match relevant part of the url (e.g. dropbox)

We recommend entering the full website into the “Website” field of the entry, so that when you visit the login page, the correct result will show up under “Exact Matches”

Extension Result

  • Find in Codebook will return you to Safari and use the record you selected to fill out the form

Credentials Fill
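The three result sections described above can be sketched as a small classifier. This is an added example, not Codebook's own matching code: the function names are hypothetical, the sample records are constructed, and treating the label before the final domain suffix as the "relevant part" of the URL is an assumption. It also shows that a host which only carries a stored site's name as a subdomain prefix is not matched to that record.

```python
from urllib.parse import urlsplit


def host_of(url):
    """Lower-cased hostname; accepts entries saved without a scheme."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()


def site_label(host):
    # Naive stand-in for the "relevant part" of the URL (assumption): the
    # label before the final suffix. Multi-part suffixes such as .co.uk
    # would need the Public Suffix List.
    parts = host.split(".")
    return parts[-2] if len(parts) >= 2 else host


def rank_entries(visited_url, entries):
    """Sort (name, website) records into the three result sections."""
    host = host_of(visited_url)
    label = site_label(host)
    sections = {"exact": [], "host": [], "suggestions": []}
    for name, website in entries:
        entry_host = host_of(website)
        if website == visited_url:
            sections["exact"].append(name)
        elif host and entry_host == host:
            sections["host"].append(name)
        elif label and site_label(entry_host) == label:
            sections["suggestions"].append(name)
    return sections


# Constructed sample records: (entry name, "Website" field).
ENTRIES = [
    ("Dropbox login", "https://www.dropbox.com/m/login"),
    ("Dropbox home", "https://www.dropbox.com/"),
    ("Dropbox bare", "dropbox.com"),
    ("Example Bank", "https://bank.example.net/"),
]

if __name__ == "__main__":
    for url in ("https://www.dropbox.com/m/login",
                "https://www.dropbox.com.example.net/m/login"):
        print(url, rank_entries(url, ENTRIES))
```

Because the hostname is parsed and compared whole rather than searched as a substring, the second URL produces no Dropbox result in any section.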

Generating Diceware Passphrases

  • Create a new (or edit an existing) password field

Add Password

  • Select “Generate Random”

Random Generator

  • Select “Character Set”

Character Set

  • Select “Diceware”

Select Diceware

  • Choose the number of Diceware words, generate a Diceware password (by tapping the circular arrow), then once you have one you like, tap Done

Generate

SQLCipher 3.4.0 Release

2016-04-05 11:00:00 -0400

We are happy to announce a new release of SQLCipher, version 3.4.0. This release is based upon the upstream version of SQLite 3.11.0, which includes significant performance optimizations to SQLite; you may see up to a 22% performance improvement over the previous version for the same operations.

There are a few new features we would like to draw attention to:

  1. JSON support
  2. FTS5 support
  3. PCL support
  4. PRAGMA updates
  5. WatchKit support

JSON support is a relatively new feature included within SQLite as an extension called json1. The json1 extension includes a set of scalar functions for composing, extracting, and manipulating JSON content - a very welcome addition for applications that often interface with JSON.

SQLCipher has long included support for both FTS3 and FTS4, the full-text search facility provided by SQLite. With the 3.4.0 release, we have also included FTS5 support, which addresses issues that could not be fixed in FTS4 without breaking backward compatibility. A few highlights of FTS5 include:

  • FTS5 supports “ORDER BY rank” for returning results in order of decreasing relevancy
  • FTS5 features an API allowing users to create custom auxiliary functions for advanced ranking and text processing applications
  • FTS5 recognizes Unicode separator characters and case equivalence by default

The client libraries found in SQLCipher for Windows Phone and SQLCipher for Windows Runtime have been updated, continuing our transition from sqlite-net to the PCL compatible version based on SQLite.Net-PCL. Upgrading existing applications is rather seamless, requiring minimal code changes generally localized to how the connection to the database is made. The addition of PCL support allows for sharing much of the data model source code, minimizing duplication across platforms.

There are two PRAGMA updates that have been included in SQLCipher 3.4.0. First, we have deprecated the setter PRAGMA for manipulating the cipher used at runtime. Currently, you can still adjust the cipher used on crypto providers that support switching; however, this will return an error state and will be removed in a future release. Second, we have added a new PRAGMA, PRAGMA cipher_provider_version, that will provide the version of the crypto provider that was compiled within SQLCipher, if available. This information will only be available following the keying of a database.

We are now offering commercial builds of SQLCipher targeting Apple WatchKit supporting i386, armv7k, x86_64, allowing you to further secure databases stored on the Apple Watch. ⌚

Availability

SQLCipher in source format is directly available here. The community edition of SQLCipher for Android is available via AAR packaging using the following line:

compile 'net.zetetic:android-database-sqlcipher:3.4.0@aar'

Updates to commercial builds are available now. Information regarding the purchase of both commercial and enterprise offerings of SQLCipher can be found here. The 3.4.0 version of SQLCipher includes many new, exciting features we are excited to share with you. Please give it a spin!