We are pleased to announce that SQLCipher 4.5.5 is now available. It includes the following notable changes:

SQLCipher Core

• Updates baseline to upstream SQLite 3.42.0
• Does not allow key to be set again on a connection after it has been successfully used for an encryption or decryption operation to prevent accidental database corruption
• Raises an error if a rekey operation is attempted on an unencrypted database
• Raises an error when a key or rekey operation is passed an empty key
• Minor improvements to constant time functions
• Miscellaneous code and comment cleanup

SQLCipher Android

Important Deprecation Notice: We officially announced the availability of the new SQLCipher for Android API in early 2022. The new library features significantly improved performance, support for concurrent database access with connection pooling and WAL, and a simplified internal API based on the AndroidBindings project. It has been widely used in production applications and many active projects have already migrated to the new packages.

As of this release of SQLCipher, 4.5.5, the legacy SQLCipher for Android Package (android-database-sqlcipher) is officially deprecated. We have already shifted development focus almost exclusively to the new project. In addition, we are no longer distributing pre-built Community Edition packages of the legacy library via Maven Central. Developers using the Community Edition of android-database-sqlcipher are strongly encouraged to migrate to the new SQLCipher for Android sqlcipher-android project. The source code for legacy project will remain online indefinitely on GitHub for developers who wish to build the legacy library from source.

Our hope is that this Community Edition deprecation will help encourage rapid adoption of the new SQLCipher for Android package, especially as legacy developers seek to update to underlying OpenSSL 3 LTS support. Instructions for migrating from android-database-sqlcipher to sqlcipher-android may be found here.

SQLCipher Commercial and Enterprise

There are a large number of enhancements to the Commercial and Enterprise packages for this release:

• All SQLCipher non-FIPS packages that use the OpenSSL Cryptographic Provider are now using OpenSSL 3.0.10 LTS
• Adds armhf (32 bit) and arm64 support to SQLCipher for Linux, SQLCipher for Linux .NET, and SQLCipher for JDBC packages
• Adds static libraries (libsqlcipher.a) to SQLCipher for Linux package
• Continued improvement to .NET MAUI and Xamarin in SQLCipher for iOS .NET to add support for iOS arm64 simulator
• Updates SQLCipher for Windows System.Data.SQLite to use System.Data.SQLite 1.0.118 as baseline
• SQLCipher for JDBC now uses xerial/sqlite-jdbc release 3.42.0.0 as baseline
• Updates SQLitePCL.raw dependencies for all .NET packages to version 2.1.5
• Updates minimum versions in all iOS and macOS example projects to support current Xcode requirements

Availability

Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active support subscription from the Customer Downloads fulfillment site. Licensees will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team.

Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and CocoaPods for iOS.

We are pleased to announce that SQLCipher 4.5.4 is now available. It includes the following notable changes:

SQLCipher Core

• Updates baseline to use SQLite 3.41.2
• When using an OpenSSL cryptographic provider, PRAGMA cipher_provider_version will return the version loaded at runtime instead of at compile time
• Improves guarding against cryptographic provider initialization failure
• A new encrypted database which is ATTACHed as the first operation after keying the main database will have the same salt as main database
• CocoaPods minimum platform versions are now iOS 11.0, macOS 10.13, tvOS 11.0, and watchOS 7.0

SQLCipher Android

• Breaking Change: Android Database SQLite Exception classes are now used for compatibility with Android Support and Room. All SQLCipher exception classes have been removed. All Android users should adjust their code to import the appropriate exceptions from android.database.* and android.database.sqlite.* after upgrading.
• Breaking Change: Updates android.sqlitex dependency to version 2.2.0. Integrators should adjust the dependencies block in build.gradle accordingly.
• Breaking Change: Minimum supported SDK version updated to 21 on 32 bit platforms for compatibility with upstream SQLite changes
• Fix issue where the use of an incorrect encryption key could be mistakenly identified as database corruption
• All builds updated to use latest LTS version r25c

SQLCipher Commercial and Enterprise

There are a large number of enhancements to the Commercial and Enterprise packages for this release:

• Breaking Change: Android packages have been renamed to remove the -release suffix from .aar files. Integrators should adjust the dependencies block in build.gradle accordingly.
• Improves .NET MAUI support targeting iOS and Android to avoid legacy Xamarin dependencies
• Improves and allows multi target support for Maui and Legacy Xamarin
• Updates NuGet packages to remove deprecated features
• Linux packages now support distributions with older glibc versions (>=2.17) including RedHat 7 and Centos 7
• Adds new example projects for SQLCipher for Android packages
• Removes Windows 8.1 support from SQLCipher for Cordova (platform is no longer supported by Microsoft)
• non-FIPS packages using OpenSSL now include 1.1.1t, except Windows UAP which uses OpenSSL 1.1.1s
• Enables Fortify Source for OpenSSL on older Android platforms
• Updates to sqlite-net 1.8.116 as baseline for the zetetic-sqlite-net-core package
• Updates SQLitePCL.raw dependencies for all .NET packages to version 2.1.4
• SQLCipher for JDBC now uses xerial/sqlite-jdbc release 3.41.2.1 as baseline

Availability

Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active support subscription from the Customer Downloads fulfillment site. Licensees will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team.

Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and CocoaPods for iOS.

We are pleased to announce that SQLCipher 4.5.3 is now available. It includes the following noteable changes:

SQLCipher Core

• Updates baseline to use SQLite 3.39.4

SQLCipher Commercial and Enterprise

There are a large number of enhancements to the Commercial and Enterprise packages for this release:

• Enables support for the REGXEP operator
• Introduces new built in math functions
• Improves support for .NET Maui to include cross platform single-project app support for Windows, macOS (Catalyst), iOS, and Android (including a reference application)
• Updates .NET example applications to target latest .NET Core LTS, Microsoft.Data.Sqlite.Core, Microsoft.EntityFrameworkCore.Sqlite.Core, and SQLitePCL.raw
• Removes armv7 and armv7s architectures for iOS and targets SDK 11 to support Xcode 14
• Renames packages from sqlcipher-xamarin-ios and sqlcipher-xamarin-android to sqlcipher-ios-net and sqlcipher-android-net respectively (Xamarin is still supported, this change is only to avoid naming confusion)
• Updates non-FIPS packages using OpenSSL to 1.1.1s
• Updates SQLitePCL.raw dependencies to version 2.1.3
• Updates System.Data.SQLite baseline to version 1.0.117
• Updates JDBC baseline to latest release Important Note: For applications using the JDBC driver, previously the built-in log() function computed the natural logarithm, but it now computes base-10 logarithm

Deprecation Notice: SQLCipher for Cordova 4.5.3 will be the last version to support Windows 8.1. Due to the upcoming end of extended support by Microsoft it will not be included in future releases.

Availability

Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active support subscription from the Customer Downloads fulfillment site. Licensees will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team.

Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and CocoaPods for iOS.

We are pleased to announce that SQLCipher 4.5.2 is now available. It includes the following major changes:

SQLCipher Core

• Updates baseline to use SQLite 3.39.2. IMPORTANT: This version includes an upstream SQLite fix for CVE-2022-35737. We recommend any applications dealing with large string inputs (> 2GB) upgrade to the latest release.
• Fixes issue where PRAGMA cipher_memory_security could report OFF when it was actually ON
• Fixes unfreed allocation leak when using OpenSSL version 3.x
• Simplifies OpenSSL multi-version conditional code
• Adds support for building against recent versions of BoringSSL
• Initial public beta release for the new SQLCipher for Android Refresh

SQLCipher Commercial and Enterprise

The following changes and enhancements are available for Commercial and Enterprise packages:

• Java and .NET library wrappers have been updated to the latest available versions.
• non-FIPS packages using OpenSSL now include the latest release of 1.1.1q
• Fixes linking for .NET MAUI iOS targets

Availability

Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active support subscription from the Customer Downloads fulfillment site. Licensees will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team.

Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and CocoaPods for iOS.

We are excited to announce the beta availability of a new version of SQLCipher For Android. This new release provides major benefits including optimized support for concurrent database access, drastic performance improvements, API simplification, and codebase modernization. With the new library SQL operations are executed on a ThreadLocal<SQLiteSession> instance which completely eliminates the aggressive locking behavior that could occur with the original version of SQLCipher For Android. Built-in WAL journal mode and connection pooling allows for parallel execution of queries from multiple threads. The updated Java API, based on the android.database package found in the AndroidBindings project, eliminates virtually all dated legacy code from the project.

History

We would like to thank Signal for helping to support the development of this new library which will benefit Android developers everywhere. SQLCipher For Android was initially released over 10 years ago following initial work with Guardian Project, making the security provided by SQLCipher available on the Android ecosystem. A lot has changed over the years; Zetetic continues to maintain the library, integrating new versions of SQLCipher, adding support for 64-bit device architectures, adding Room/Support API integration (thanks commonsguy!), and improving the project integration experience to name a few. SQLCipher For Android was based on an older version of the android.database.sqlite Java API. Unfortunately, this limited the abilities of the library, specifically in terms of concurrency. The new version of the library builds on the solid foundation of SQLCipher for Android with an eye toward concurrency at the forefront.

Availability

As SQLCipher for Android receives downloads in the hundreds of thousands every year, we are taking a safe and measured approach to revising the library; providing stability for developers who depend on the security of SQLCipher is paramount. Zetetic will continue to maintain the original SQLCipher For Android library for some time until the refresh may be considered a full replacement. Initially, the new library will be available in source-only format (available here); developers will need to provide both the SQLCipher amalgamation and OpenSSL dependencies to evaluate the library while we are in a preview state. Eventually, we will publish Community edition AAR artifacts. Commercial and Enterprise SQLCipher customers may access prerelease builds of the new SQLCipher for Android library from the Customer Downloads fulfillment site. While we are releasing the software in preview mode for now, the library is fairly stable and is already in use in on millions of devices with great success.

Performance

To provide some context around the performance difference between the old and new versions of SQLCipher for Android we prepared a small application that bundles both versions of the library and performs a series of multithreaded operations. The scenario represents a single writer operation producing 5,000 records. Concurrently, we have 5 separate reader operations running in separate threads attempting to individually read all data produced by the writer. The old (current) version of SQLCipher for Android took 59.59 seconds to process all records on a Pixel 6 device. The new version was able to complete the same task in 3.01 seconds. We look forward to hearing your feedback regarding the new library as we prepare to continue our support of SQLCipher for Android in the future.