SQLCipher is typically used as a critical security component. As a result, the potential for a dependency on an outdated library without an official support channel or software updates is usually considered an unacceptable risk for security conscious customers. Zetetic offers several support options for SQLCipher, the details of which are described here.

CipherCare

CipherCare is Zetetic's support and maintenance subscription program for SQLCipher Commercial Edition. It addresses these concerns by providing customers with:

  • On-demand access to the most current licensed SQLCipher packages
  • Direct email notification of available updates
  • Private priority email support directly from Zetetic, the developers of SQLCipher

In addition to staying up-to-date, active CipherCare subscribers are free to contact us at any time about SQLCipher, for example, to ask questions about:

  • Optimizing performance of SQLCipher-based applications
  • Configurable settings for specific security requirements
  • General, high-level implementation guidance for incorporating SQLCipher into an application
  • Migration of existing databases to use SQLCipher encryption
  • Packaging and deployment
  • Technical design of SQLCipher (i.e. how it works)
  • Build / integration issues
  • Requested feature enhancements
  • Any other technical inquiries about SQLCipher operations

While there is no guaranteed response time SLA for CipherCare, we strive to respond quickly to priority requests, usually within one business day.

Zetetic offers one free year of CipherCare support to any Commercial Edition edition licensees, so customers are encouraged to enroll in CipherCare at the time of purchase. CipherCare renews annually for each licensed SQLCipher library, but the subscription can be cancelled at any time.

CipherCare Enterprise

The SQLCipher Enterprise program offers an extended version of CipherCare tailored to the needs of larger organizations with more advanced support requirements. CipherCare Enterprise includes all of the benefits of the regular CipherCare, but adds the following:

  • Enhanced support including via pre-scheduled telephone call, pre-scheduled web meeting, or emergency telephone call
  • Direct delivery of new releases to a private, customer-specific software delivery share
  • Code review of applications using SQLCipher
  • Specific implementation guidance for incorporating SQLCipher into an application
  • Detailed troubleshooting and analysis of reported issues (e.g. on specific hardware, interoperating with other software)
  • Consultation with staff developers as required to fulfill support objectives
  • Assurance of continued support and updates to licensed packages during the term of the agreement

CipherCare Enterprise also provides customers with a Service Level Agreement guaranteeing issue acknowledgement times by severity, i.e. SEV 1: < 24 hr; SEV 2: < 1 business day; SEV 3: < 3 business days; SEV 4: As available. We can also accommodate other SLA requirements under the Enterprise program as well. Regardless of severity level, all Enterprise support requests are considered high priority compared to comparable requests made via public channels or lower-level support agreements.

Community Support

For those using the Open Source Community Edition software, the primary venue for free support and announcements is the SQLCipher discussion site. This resource provides a searchable forum where community members can come together to ask questions and get answers about SQLCipher.

All non-CipherCare requests should initially be opened in the community discussion site! GitHub issues are reserved for reproducible bug reports, and we are unable to provide private support for Community Edition users.

Bug Reports and Pull Requests

Bug reports for specific issues in SQLCipher should be reported to the project GitHub Issues Page. Note that only legitimate reproducible bugs should be filed on the GitHub page; if you're not sure, please post to the discuss site first!

The SQLCipher project also welcomes Pull Requests. Please note that a current contributor license agreement is required before any patches will even be looked at for consideration.

Security Disclosures

We take the security of SQLCipher very seriously, and sincerely appreciate private advanced notification of any issues, in a responsible manner, before public disclosures that could put users at risk.

Please consult the security disclosure page for detailed instructions on how to securely contact us about any critical security related issues.