We needed a new PRAGMA! These things happen.
With the release of SQLCipher 2.0, a PRAGMA was added (cipher_use_hmac) which disabled the new per-page HMAC protection feature before opening a database, so that a developer wishing to run SQLCipher 2.0 against a 1.x database could do so. This was important to us because we wanted to provide an easy way for developers to migrate to the new database format. Generally speaking, you'd want to do something like this:
- Open the legacy database, set your key
- Call
PRAGMA cipher_use_hmac = OFF; before opening the legacy database
- ATTACH a new, empty database, which will be encrypted by default and have HMAC on by default
- Copy your database into the attached database using
sqlcipher_export()
That scenario looks about like this on the command line:
$> ./sqlite3 my-legacy-encrypted.db
sqlite> PRAGMA key = 's3cr37';
sqlite> PRAGMA cipher_use_hmac = OFF;
sqlite> ATTACH DATABASE 'new-sqlcipher2.db' AS newdb;
sqlite> SELECT sqlcipher_export('newdb');
sqlite> DETACH DATABASE newdb;
But there are other scenarios, ones in which we really needed to be able to ATTACH one legacy database to another (e.g. data replication). Even though we'd have called PRAGMA cipher_use_hmac = OFF; when opening the first database, the ATTACH operation assumed the new default format, and would report back "database is encrypted or is not a database."
We didn't wish to modify the ATTACH command, and we didn't want to change the behavior of cipher_use_hmac, as the latter's behavior is necessary for developers who wish to migrate and upgrade their databases. Instead, Stephen came up with a new PRAGMA, cipher_default_use_hmac, which is a globally applied setting in SQLCipher, allowing you to turn HMAC protection on and off before you open or ATTACH another encrypted database, so you only need to bother with one setting in your app. Here's an example (where custom_data_replicator() is a made-up function):
$> ./sqlite3 my-legacy-encrypted.db
sqlite> PRAGMA cipher_default_use_hmac = OFF;
sqlite> PRAGMA key = 's3cr37';
sqlite> ATTACH DATABASE 'remote.db' AS remote;
sqlite> SELECT custom_data_replicator('remote');
sqlite> DETACH DATABASE remote;
Pretty dang handy and available now on the master branch—stay tuned to the mailing list for details on new tags and release numbers. You can see the changes here along with updated unit tests.
Meanwhile, I've made some mods to SQLCipherManager to support this specific scenario. Setting the property useHMACPageProtection causes the new global PRAGMA to be called before a database is opened, rather than the older cipher_use_hmac. This allows you to attach 1.x or 2.x databases at will, by changing the setting when you need to, like so:
self.dbManager = [SQLCipherManager sharedManager];
[self.dbManager setUseHMACPageProtection:NO];
@try {
[self.dbManager execute:
[NSString stringWithFormat: @"ATTACH DATABASE '%@' AS remote;", [replicaURL path]];
[self.dbManager beginTransaction];
[self.dbManager execute:@"SELECT custom_data_replicator('remote');"];
[self.dbManager commitTransaction];
[self.dbManager execute:@"DETACH DATABASE remote;"];
}
@catch (NSException *exception) {
// SQLCipher's execute: command now provides handy exceptions!
// For traditional error handling, use execute:error: instead.
NSLog(@"Command failed: %@", [exception reason]);
}
One of the most frequent requests we receive for Strip is support for Android. Android is one of the largest mobile platforms next to iOS. To support this, we first needed to port SQLCipher onto the Android platform. SQLCipher is our open source extension to SQLite that allows for transparent 256-bit AES encryption of database files. We began last year working in conjunction with The Guardian Project on this process. This has required bundling a custom build of the ICU project to allow portability across Android versions 2.1 through 4.0.3 (Ice Cream Sandwich). You can read more on integrating SQLCipher for Android here. With this out of the way, we've been focusing on the application development work and are nearing completion for an initial delivery.
Unlike the iOS platform, where users upgrade to the lastest iOS release quickly, the Android platform is more fragmented due to manufacturers playing a role in the update distribution process - more about this here. That said, we have been working to target Android versions 2.1 and up for Strip on Android - targeting the majority of users. We have also tried to maintain a consistent user experience between the iOS application and Android where it makes sense. An example of where the iOS and Android platforms differ is in their drag and drop support. iOS provides a native drag and drop interaction within their UITableView, requiring you to set an editing mode and handle a few events. On Android however, support was added in 3.0 for drag and drop, prior to that you are left with the implementation details. If you want to be notified when we release Strip for Android, sign up here. We are very excited about adding support for the Android platform and hope you are as well. We will leave you with a screenshot of the upcoming Strip for Android. Thanks!
Strip for Android
Bret Morgan of Cowerks, a good friend of Zetetic, is organizing a cooperative learning program in late April designed to give participants a crash course in iPad/iPhone development.
The approach is unique; instead of a traditional "teacher leads, students learn" class model, participants will work together as a cooperative development group. Following the first half of the Stanford University CS193P iPhoneApplication Development curriculum, the goal is to cover a wide range of iOS topics in just 8 weeks of sessions:
- A Walkthrough of iOS 5
- Objective-C
- Views
- Autorotation, Protocols, & Gestures
- View Controllers
- UIToolbar and iPad Apps
- Controller Lifecycle & Image/Scroll/WebViews
- Table Views
With the course materials and group as a guide, attendees will work both collaboratively and on their own time to learn Objective-C and the relevant SDKs.
It's a really neat concept, so if you're in the NJ area and you've been waiting for a reason to learn iOS development, this could be a great opportunity. Classes start on April 23rd, and registration is open now with early-bird discounts at http://cowerks-ios.eventbrite.com.
SQLCipher started out as a small "proof of concept" project to encrypt databases for one of
our iPhone apps. It has grown over the past three years to become one of the most widely deployed encrypted database libraries. Today, SQLCipher has been integrated on numerous platforms including iOS, Mac OSX, Ruby, Python, Windows, ADO.NET, Java, and, with the help of the team at the
Guardian Project, Android.
Today, we are pleased to announce the release of SQLCipher version 2.0. This release incorporates much of the feedback we've received since the start of the project. Most notably, SQLCipher 2.0 enables tamper resistent databases, performance improvements via custom database page sizes, and easier conversion between database formats. The detailed list of new features and security enhancements follows:
- Per page HMAC - Every database page now includes a message authentication code (MAC) so that individual pages are non-malleable. This change prevents potential attackers who have write access to a database file from making subtle changes to an encrypted page to introduce errors or attempt attacks.
- Custom Page Sizes - This new version introduces a new pragma, cipher_page_size, that can be used to adjust the page size for the encrypted database. This is useful for applications where a larger page size is desirable to increase performance.
- Memory Locking - SQLCipher will lock heap memory used for its internal contexts and key storage, advising the OS that the memory should not be swapped out.
- Pragma Improvements - Separate pragma settings can now be applied to attached databases to support different configurations (i.e. to attach a database with a different key or cipher settings).
- Export - Introduction of a sqlcipher_export convenience function that mirrors the main database schema and data to an attached database. In conjunction with the previous pragma improvements, this allows migrations between encrypted / non-encrypted databases, and adjustments to various settings.
- Code Reorganization - SQLCipher has been refactored to separate the SQLite codec hooks from the encryption implementation. This makes the codebase easier to understand, audit and extend.
- Updated version of SQLite - Based on a newer stable upstream SQLite release, 3.7.9
- Expanded test fixtures - The SQLCipher test suite has almost doubled in size as we've added coverage for even more common use cases and new features.
Like past releases, SQLCipher 2.0 is open source software, distributed under a liberal BSD-style license. We also have binary releases available for sale and licensing on Windows Platforms.
Over the course of the next few weeks we'll be posting more information and details on the new features. We hope you'll find SQLCipher 2.0 is even more secure and full-featured than its predecessor, while preserving the same performance characteristics and no-configuration application implementation of the original. Please check out the new version on GitHub and let us know what you think.
Big news today, Stephen just announced the final release of SQLCipher 2.0! That’s our new(ish) blog for folks who want to subscribe to a news feed specific to the SQLCipher project. Check out the long list of improvements and stay tuned for more updates this week regarding the new features.
Another bit of SQLCipher news you may have missed, if you don’t follow the mailing list: we’ve created an SQLCipher “organization” on Github, and moved the main repo and various associated, supporting projects under it. Find it here on Github!
;)