SQLCipher started out as a small "proof of concept" project to encrypt databases for one of our iPhone apps.
It has grown over the past three years to become one of the most widely deployed encrypted database libraries. Today, SQLCipher has been integrated on numerous platforms including iOS, Mac OSX, Ruby, Python, Windows, ADO.NET, Java, and, with the help of the team at the Guardian Project
Today, we are pleased to announce the release of SQLCipher version 2.0. This release incorporates much of the feedback we've received since the start of the project. Most notably, SQLCipher 2.0 enables tamper resistent databases, performance improvements via custom database page sizes, and easier conversion between database formats. The detailed list of new features and security enhancements follows:
- Per page HMAC - Every database page now includes a message authentication code (MAC) so that individual pages are non-malleable. This change prevents potential attackers who have write access to a database file from making subtle changes to an encrypted page to introduce errors or attempt attacks.
- Custom Page Sizes - This new version introduces a new pragma, cipher_page_size, that can be used to adjust the page size for the encrypted database. This is useful for applications where a larger page size is desirable to increase performance.
- Memory Locking - SQLCipher will lock heap memory used for its internal contexts and key storage, advising the OS that the memory should not be swapped out.
- Pragma Improvements - Separate pragma settings can now be applied to attached databases to support different configurations (i.e. to attach a database with a different key or cipher settings).
- Export - Introduction of a sqlcipher_export convenience function that mirrors the main database schema and data to an attached database. In conjunction with the previous pragma improvements, this allows migrations between encrypted / non-encrypted databases, and adjustments to various settings.
- Code Reorganization - SQLCipher has been refactored to separate the SQLite codec hooks from the encryption implementation. This makes the codebase easier to understand, audit and extend.
- Updated version of SQLite - Based on a newer stable upstream SQLite release, 3.7.9
- Expanded test fixtures - The SQLCipher test suite has almost doubled in size as we've added coverage for even more common use cases and new features.
Like past releases, SQLCipher 2.0 is open source software, distributed under a liberal BSD-style license. We also have binary releases available for sale and licensing on Windows Platforms.
Over the course of the next few weeks we'll be posting more information and details on the new features. We hope you'll find SQLCipher 2.0 is even more secure and full-featured than its predecessor, while preserving the same performance characteristics and no-configuration application implementation of the original. Please check out the new version on GitHub and let us know what you think.
Big news today, Stephen just announced the final release of SQLCipher 2.0! That’s our new(ish) blog for folks who want to subscribe to a news feed specific to the SQLCipher project. Check out the long list of improvements and stay tuned for more updates this week regarding the new features.
Another bit of SQLCipher news you may have missed, if you don’t follow the mailing list: we’ve created an SQLCipher “organization” on Github, and moved the main repo and various associated, supporting projects under it. Find it here on Github!
Codebook 1.6.1 is now available in the iTunes App Store, providing one of the biggest feature upgrades the app has seen to date. Many of these new features were on our customers' wish-lists for some time, and they make the app much nicer to use. Read on to find out what’s changed!
- In-app prefs are now accessible from Note view toolbar
- Alpha-numeric sorting option for notes
- Search inside a note and jump directly to text
- Manual sorting option for notes
- AutoCorrect for note editing now available
- Preference to clear pasteboard on exit
- Share note via email as password-protected PDF
- Adjustable font face and size for notes
- Updated password reset screen
- Auto-upgrade database schema on Dropbox when possible
- iOS 3 is no longer supported
- Cancel button on dropbox login controller did not work in iOS 5
- Deleting a note in search view caused crash
- Dropbox sync failed on database version mis-match, reported password mis-match
- Editing in landscape mode was a little busted
- Error messages during sync were cryptic
As of Jan 4th, Strip 1.6.3 (for iOS) is available in the iTunes App Store. This is our best release of Strip to date, providing a slew of major and minor bug-fixes over the previous rev, and a number of new improvements and features. All customers are strongly encouraged to upgrade, this should be a smooth one.
This may seem like a minor thing, but the password reset screen got a lot of needed love, as did the shake-to-generate password generator. The latter no longer requires you to shake the device to generate a password, but the accelerometer is still being used for entropy, so we encourage you to wave your iPhone around in public like a maniac before settling on a random password.
There’s also a couple of new preferences available in Settings: defaulting the login keyboard to the numeric keypad (we still discourage this, but it’s been on some of your wish-lists for a long time), and ensuring the pasteboard is cleared of copied data when you exit Strip.
What’s Been Fixed
Editing text for notes in landscape mode has been fixed, and we’ve made it easier to view longer field values on the entry screen by shrinking longer text a bit to fit. We also fixed a nasty but hard-to-track-down bug involving memory warnings and the login screen, which could cause the screen to go blank, and data loss could occur in obscure cases as a result.
Sync operations on the whole should be smoother, and error messages far more informative. In addition, we fixed a couple of nuisance issues you could run into when syncing with Dropbox. Strip now properly reports whether the remote database has a different password (or a different database version—it will automatically update an older database schema before replicating). When a Dropbox operation errors out due to such a condition, Strip will remove the lock-file it places in your Dropbox so you don’t get an additional error on your next sync.
Thanks are due to our beta testers! Thanks very much for taking a chance on the newest version of Strip before we were sure it was ready for public distribution.
This Sunday night, December 11th at 9pm EDT, Tempo and our other web systems will be temporarily unavailable while we perform critical system updates to ensure the stability of our services. This includes the Tempo API, the purchase site for Strip for Windows, the Connect website, our support site for Codebook, and zetetic.net, hosting this blog.
Down time could last up to 2 hours, but we do not expect this to be the case. If you need to get in touch with us for any reason, please don’t hesitate.