SQLCipher for Android Release—Android N Support

2016-06-23 08:15:00 -0400

We are happy to announce the release of SQLCipher for Android 3.5.1. This is an urgent and mandatory upgrade for applications wishing to support Android N when it is publicly released.

This release of SQLCipher for Android incorporates several major changes to facilitate operating on Android 2.1 through Android N, supporting armeabi, armeabi-v7a, and x86 platforms. The Google Android team contacted us directly, requesting many of the changes below. These changes were mandatory to make SQLCipher for Android compatible with Android N. Below is a highlight of the changes that are included with the latest release:

  1. All internal and third-party library dependencies except for OpenSSL (the crypto provider) have been removed. This includes libbinder, libandroid_runtime, libnativehelper, libcutils, libutils, and libicuc.
  2. Non-essential Google AOSP legacy provider code and supporting code have been removed
  3. The library has been converted to use native UTF-16 encoding internally instead of performing redundant on-the-fly translation
  4. Multiple related changes to the JNI layer
  5. Removal of collation sequences that are dependent on ICU or AOSP libraries

There have been some significant benefits to this effort:

  1. SQLCipher for Android is now compatible with the latest Android N Developer Preview 4 (i.e., build NPD56N)
  2. The build process has been drastically simplified and is now much easier to understand
  3. Issues with characters that fall outside of the basic multilingual plane (e.g. emoticons) have been resolved
  4. Less time is required to build the library from source
  5. Only a single native .so library is required for each platform
  6. The resulting libraries are much smaller than before (armeabi is only 1.6 MB), and no longer require a large supporting ICU database
  7. These architecture changes pave the way for future improvements like API modernization and improved x64 support

Installation

Instructions for installing the latest release of SQLCipher for Android can be found here.

If your previous usage of SQLCipher for Android was packaged as a zip archive that included 3 .so files per platform (i.e., libdatabase_sqlcipher.so, libsqlcipher_android.so, and libstlport_shared.so), you should remove all of those. Our new packaging will only include one .so file (i.e., libsqlcipher.so) for each native platform. In addition to the different native libraries, you should also remove the ICU zip file (i.e., icudt46l.zip) previously included within the assets directory of your application.
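The cleanup described above can be checked mechanically before shipping. The following is an added example, not part of the original post or of SQLCipher itself: a small Python audit that walks a project tree and reports the legacy files named above. It assumes native libraries sit in per-ABI directories such as libs/armeabi/, and the sample tree is constructed for the demonstration.

```python
import os
import tempfile

# File names listed in the upgrade notes above.
LEGACY_NATIVE_LIBS = {"libdatabase_sqlcipher.so", "libsqlcipher_android.so",
                      "libstlport_shared.so"}
LEGACY_ICU_ASSET = "icudt46l.zip"
NEW_NATIVE_LIB = "libsqlcipher.so"

def audit_sqlcipher_packaging(project_root):
    """Report leftover pre-3.5.1 SQLCipher artifacts under project_root.

    Assumption: native libraries sit in per-ABI directories (libs/<abi>/).
    """
    legacy, new_abis, legacy_abis = [], set(), set()
    for dirpath, _dirs, files in os.walk(project_root):
        abi = os.path.basename(dirpath)
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), project_root)
            rel = rel.replace(os.sep, "/")
            if name in LEGACY_NATIVE_LIBS:
                legacy.append(rel)
                legacy_abis.add(abi)
            elif name == LEGACY_ICU_ASSET:
                legacy.append(rel)
            elif name == NEW_NATIVE_LIB:
                new_abis.add(abi)
    return {
        "remove": sorted(legacy),                           # files to delete
        "migrated_abis": sorted(new_abis),                  # ship libsqlcipher.so
        "unmigrated_abis": sorted(legacy_abis - new_abis),  # old libs only
    }

def build_sample_tree(root):
    """Constructed sample layout: armeabi still on old libs, x86 migrated."""
    layout = ["libs/armeabi/libdatabase_sqlcipher.so",
              "libs/armeabi/libsqlcipher_android.so",
              "libs/armeabi/libstlport_shared.so",
              "libs/x86/libsqlcipher.so",
              "assets/icudt46l.zip"]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for key, value in audit_sqlcipher_packaging(tmp).items():
            print(key, value)
```

An empty "remove" list and an empty "unmigrated_abis" list mean the project carries only the new single-library packaging.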

Important: This upgrade is required for all applications wishing to support Android N while using SQLCipher for Android. Without this upgrade, current installations of SQLCipher for Android will crash on Android N. We do not know the official release date of Android N; however, Google is advising application developers to update their applications for imminent release in Q3. Therefore, we strongly advise all applications to begin the upgrade and testing process immediately with this release.

SQLCipher Version Scheme

2016-06-23 08:00:00 -0400

SQLCipher core has long used the versioning scheme defined by semantic versioning; however, many of our client libraries have used modified schemes to define their versions. As many of the client libraries we use as the basis for integrating SQLCipher are open source, their version schemes have often already been defined.

Having different version schemes for our client libraries introduced confusion about which file format, associated with a given SQLCipher core release, a given library supports. We may also make changes to an upstream client library that are specific to SQLCipher integration, and we need a means of conveying that. To address this, we will use the X.Y.Z version scheme for both SQLCipher core and client libraries; however, we are adjusting the rules associated with the various version segments to properly align with our domain.

Modified X.Y.Z version rules for SQLCipher:

  • X will map to the major version of SQLCipher (i.e., file format compatibility)
  • Y will map to major changes in the client or core library (i.e., security fix)
  • Z will map to minor changes in the client or core library

We plan to adopt this scheme going forward as we release new and updated client libraries, with the aim of simplifying and consolidating the versioning schemes across our libraries.

Find in Codebook iOS App Extension Released

2016-06-14 05:00:00 -0400

Today we’re happy to announce the release of Codebook 3.1.0 for iPhone and iPad, featuring a new iOS App Extension, Find in Codebook, which allows you to securely look up your Codebook records from Mobile Safari and fill out forms on the web. The option is disabled by default; you need to launch the new app once and sign in to make it available. Here it is in action:

PLEASE LAUNCH CODEBOOK AND SIGN IN ONCE PRIOR TO LAUNCHING THE FIND IN CODEBOOK APP EXTENSION


Find in Codebook Demo from Zetetic on Vimeo.

Read on below for step-by-step instructions for setting up Find in Codebook.

This update also introduces an additional password generation option – Diceware. Diceware is a method of creating strong, random, yet easy to remember passphrases:

Diceware Feature Highlight

Version 3.1.0 is available now in the iOS App Store:

Enabling Find in Codebook

  • Update Codebook to 3.1.0
  • Launch Codebook once and sign in
  • Open Safari and visit a webpage
  • Tap on the Action/Share button at the bottom of the view (it looks like an arrow coming out of a box)

Share Button

  • Swipe the bottom (grey icons) row to the end and tap More

Action Extension

  • Look for Find in Codebook in the list and set the switch next to it to On

Find In Codebook Switch

  • Optionally, use the drag handle icon to move it higher up in the list
  • Tap Done

Using Find in Codebook

  • Visit a page with a login form (e.g. https://www.dropbox.com/m/login )
  • Tap on the Action/Share button

Share Button

  • Tap on Find in Codebook

Find In Codebook

  • When prompted, authenticate

Extension Authenticate

  • Tap the entry that best matches the website/URL (e.g. Dropbox)

The results list is broken up into 3 different sections:

  1. Exact Matches - match the URL exactly (e.g. https://www.dropbox.com/m/login)
  2. Host Matches - match the Host (e.g. www.dropbox.com)
  3. Suggestions - match relevant part of the URL (e.g. dropbox)

We recommend entering the full website into the “Website” field of the entry, so that when you visit the login page, the correct result will show up under “Exact Matches”

Extension Result

  • Find in Codebook will return you to Safari and use the record you selected to fill out the form

Credentials Fill
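To illustrate why the full login URL in the "Website" field gives the most precise result, here is an added example (not Codebook's actual matching code) that sorts stored records into the three sections described above. The function names, the sample records, and the rule used for "relevant part of the URL" are assumptions made for this sketch.

```python
from urllib.parse import urlsplit

def _parts(url):
    """Return (scheme, host, path); a value with no scheme is read as https."""
    url = url.strip()
    if "://" not in url:
        url = "https://" + url
    p = urlsplit(url)
    return p.scheme.lower(), (p.hostname or "").lower(), p.path.rstrip("/")

def _site_label(host):
    """Assumption: the 'relevant part' is the label before the final suffix
    (www.dropbox.com -> dropbox). Naive: ignores multi-part suffixes."""
    labels = host.split(".")
    return labels[-2] if len(labels) >= 2 else host

def match_tier(page_url, stored_website):
    """Classify one stored Website value against the page being visited."""
    page, stored = _parts(page_url), _parts(stored_website)
    if not stored[1]:
        return None
    if page == stored:
        return "exact"
    if page[1] == stored[1]:
        return "host"
    if _site_label(stored[1]) in page[1].split("."):
        return "suggestion"
    return None

def group_results(page_url, records):
    """records: (title, website) pairs. Returns the three result sections."""
    sections = {"exact": [], "host": [], "suggestion": []}
    for title, website in records:
        tier = match_tier(page_url, website)
        if tier:
            sections[tier].append(title)
    return sections

# Constructed sample records: (title, Website field).
RECORDS = [("Dropbox (full URL)", "https://www.dropbox.com/m/login"),
           ("Dropbox (host only)", "www.dropbox.com"),
           ("Dropbox (bare domain)", "dropbox.com"),
           ("Wiki", "https://wiki.internal.test/login")]

if __name__ == "__main__":
    print(group_results("https://www.dropbox.com/m/login", RECORDS))
    # A different host that only shares the label stays in the lowest section.
    print(group_results("https://dropbox.example.net/m/login", RECORDS))
```

In this sketch a page on a different host never produces an exact or host match, so a record that only appears under Suggestions is a cue to check the address bar before filling.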

Generating Diceware Passphrases

  • Create a new (or edit an existing) password field

Add Password

  • Select “Generate Random”

Random Generator

  • Select “Character Set”

Character Set

  • Select “Diceware”

Select Diceware

  • Choose the number of Diceware words, generate a Diceware password (by tapping the circular arrow), then once you have one you like, tap Done

Generate

SQLCipher 3.4.0 Release

2016-04-05 11:00:00 -0400

We are happy to announce a new release of SQLCipher, version 3.4.0. This release is based upon the upstream version of SQLite 3.11.0, which includes significant performance optimizations to SQLite; you may see up to a 22% performance improvement over the previous version for the same operations.

There are a few new features we would like to draw attention to:

  1. JSON support
  2. FTS5 support
  3. PCL support
  4. PRAGMA updates
  5. WatchKit support

JSON support is a relatively new feature included within SQLite as an extension called json1. The json1 extension includes a set of scalar functions for composing, extracting, and manipulating JSON content - a very welcome addition for applications that often interface with JSON.

SQLCipher has long included support for both FTS3 and FTS4, the full-text search facility provided by SQLite. With the 3.4.0 release, we have also included FTS5 support, which addresses issues that could not be fixed in FTS4 without breaking backward compatibility. A few highlights of FTS5 include:

  • FTS5 supports “ORDER BY rank” for returning results in order of decreasing relevancy
  • FTS5 features an API allowing users to create custom auxiliary functions for advanced ranking and text processing applications
  • FTS5 recognizes Unicode separator characters and case equivalence by default
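The json1 functions and the FTS5 "ORDER BY rank" behaviour described above can be tried with the following added example, which is not from the original post. It runs the SQL through Python's bundled sqlite3 module as a stand-in (assuming that build includes json1 and FTS5); the table names and sample notes are constructed, and with SQLCipher the same statements would be issued after keying the database.

```python
import sqlite3

# Constructed sample notes: (title, body, JSON metadata).
NOTES = [
    ("Key rotation", "rotate the database key every ninety days",
     '{"owner": {"team": "infra"}, "tags": ["crypto"]}'),
    ("Key policy", "database key and backup key share one key policy",
     '{"owner": {"team": "security"}, "tags": ["crypto", "policy"]}'),
    ("Lunch", "lunch order for the team",
     '{"owner": {"team": "infra"}, "tags": []}'),
    ("Travel", "travel itinerary for the conference",
     '{"owner": {"team": "sales"}, "tags": []}'),
    ("Printer", "printer setup notes",
     '{"owner": {"team": "infra"}, "tags": []}'),
]

def build_db():
    """Create an in-memory database with a JSON column and an FTS5 index."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes(id INTEGER PRIMARY KEY, title TEXT, meta TEXT)")
    # title is stored but not tokenized; only body is searchable.
    conn.execute("CREATE VIRTUAL TABLE notes_fts USING fts5(title UNINDEXED, body)")
    for title, body, meta in NOTES:
        cur = conn.execute("INSERT INTO notes(title, meta) VALUES (?, ?)", (title, meta))
        conn.execute("INSERT INTO notes_fts(rowid, title, body) VALUES (?, ?, ?)",
                     (cur.lastrowid, title, body))
    return conn

def titles_by_team(conn, team):
    """json1: filter rows on a value nested inside the JSON column."""
    rows = conn.execute(
        "SELECT title FROM notes WHERE json_extract(meta, '$.owner.team') = ? ORDER BY id",
        (team,))
    return [r[0] for r in rows]

def search(conn, query):
    """FTS5: full-text match, most relevant row first."""
    rows = conn.execute(
        "SELECT title FROM notes_fts WHERE notes_fts MATCH ? ORDER BY rank", (query,))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = build_db()
    print(titles_by_team(db, "infra"))
    print(search(db, "key"))
```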

The client libraries found in SQLCipher for Windows Phone and SQLCipher for Windows Runtime have been updated, continuing our transition from sqlite-net to the PCL compatible version based on SQLite.Net-PCL. Upgrading existing applications is rather seamless, requiring minimal code changes generally localized to how the connection to the database is made. The addition of PCL support allows for sharing much of the data model source code, minimizing duplication across platforms.

There are two PRAGMA updates that have been included in SQLCipher 3.4.0. First, we have deprecated the setter PRAGMA for manipulating the cipher used at runtime. Currently, you can still adjust the cipher on crypto providers that support switching; however, doing so will return an error state, and the setter will be removed in a future release. Second, we have added a new PRAGMA, PRAGMA cipher_provider_version, which provides the version of the crypto provider that was compiled within SQLCipher, if available. This information will only be available following the keying of a database.

We are now offering commercial builds of SQLCipher targeting Apple WatchKit supporting i386, armv7k, x86_64, allowing you to further secure databases stored on the Apple Watch. ⌚

Availability

SQLCipher in source format is directly available here. The community edition of SQLCipher for Android is available via AAR packaging using the following line:

compile 'net.zetetic:android-database-sqlcipher:3.4.0@aar'

Updates to commercial builds are available now. Information regarding the purchase of both commercial and enterprise offerings of SQLCipher can be found here. The 3.4.0 version of SQLCipher includes many new, exciting features we are excited to share with you. Please give it a spin!

Codebook Journal and Improved Touch ID Security

2016-03-29 06:20:00 -0400

We’ve been putting a lot of elbow grease into our password manager Codebook since the 3.0 update at the beginning of the year and we got to share some of that work in recent updates this month for iOS and Mac. On Monday March 14th we released 3.0.3 for Mac and Tuesday the 15th we released 3.0.4 for iPhone and iPad. Many of our point releases focus on a small number of issues, but this is a pretty big update between the two with dozens of bug fixes, improvements, a new feature, and improved security for Touch ID login on iOS. This is a free update for all customers.

The new Journal view

Journal is a new view in Codebook for iOS and OS X that shows all the notes in your database in one place, sorted either by the date the note was created or the date it was updated (up to you). Notes are still stored in categories alongside multi-field records; this view makes it possible to keep track of those notes over time.

Codebook Iphone Journal

Were you a user of Codebook 2 on iOS? You can rearrange your tabs in Codebook 3 on iOS to show the Journal view first if you prefer to use the app as a secure notebook. Just tap on the More tab, then Edit, and arrange your tabs as you like:

Iphone Rearrange Tabs

On OS X you can find Journal in the Views list (or access it directly by using the shortcut shift command 3), and the sorting preference is available under Preferences:

The Journal view will be coming to Windows and Android soon.

Improved Security for Touch ID Login

Codebook on iPhone and iPad offers a setting that allows the user to enable the use of Touch ID fingerprint authentication for logging in to Codebook. This makes it much easier to use a strong master password on mobile devices where typing it in can be a bit arduous.

Recently an attack on this was suggested by Per Thorsheim of Godpraksis and the Passwords conference, where another person with knowledge of your iOS device passcode (perhaps a family member) could use that to add their own fingerprint to the list of authorized fingerprints and thereby impersonate the owner at Touch ID prompts like the one in Codebook.

Fortunately, in iOS 9 Apple introduced some new security restrictions that we as developers can take advantage of to help prevent this. Version 3.0.4 improves Touch ID login for Codebook on iOS 9 in two ways:

  1. If Touch ID authentication is used with Codebook it will no longer allow fallback to the device passcode
  2. If changes are made to registered fingerprints in iOS, Codebook will not allow Touch ID for authentication and will require you to re-enable this feature

To take advantage of these improvements, sign in to Codebook, tap on the Settings tab, then Login Settings. There, disable and then enable the Touch ID login feature.

Import and Export on Mac

Codebook for OS X has not always done a particularly stellar job when it came to importing data, especially large amounts of it. This version introduces a completely revamped Import feature that rips through large CSV files and is more tolerant of text files that aren’t encoded in UTF-8.

Import on the Mac side no longer provides the ability to do bulk updates of existing records by including a column named EntryID. We never provided it on Windows and we’ve always been a bit skeptical of its utility. Now all rows are treated as new records to be created.

To facilitate the creation of Notes, one can now include a column named Note Entry; each row with a value in this column’s field will be treated as a Note rather than a multi-field Entry.

Export to CSV no longer includes the EntryID column, and provides the contents of Notes in the Note Entry field. There is also a new option on the Export dialog where you can select Plain Text output instead. This produces an unencrypted text document suitable for printing should you wish to have a hard backup of your data for safe storage.

Accessibility and Keyboard Shortcuts

Throughout Codebook for OS X we’ve been working to ensure that the application is fully accessible; any task one could accomplish with a mouse should also be available using the keyboard. We’re not all the way there yet but we’re on our way, adding new shortcuts where they were missing and improving the options available in the File and View menus. For instance, one can now access the new Views above the Categories list by using the shortcuts for them under the View menu (e.g. Use command 3 to select the Journal view). You can keep up with all our keyboard shortcuts here. We’ve also been going through the interface adding better labels for voice-over support for identifying controls. Coming soon: a Cut feature for entries, a keyboard shortcut for removing fields, and Undo for editing an entry (in case you really didn’t want to delete that field).

Stay tuned for more updates, we’ve got more good things coming for Codebook, big and small!