diff --git a/.env.example b/.env.example
index 9479354..2f4ad63 100644
--- a/.env.example
+++ b/.env.example
@@ -7,7 +7,7 @@ TZ=UTC
 # Copy this file to .env and customize
 # Image version to run (set by build.sh, or use 'latest')
-JAMA_VERSION=0.9.1
+JAMA_VERSION=0.9.2
 # Default admin credentials (used on FIRST RUN only)
 ADMIN_NAME=Admin User
diff --git a/Dockerfile b/Dockerfile
index 8b42aaa..31efb4b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -26,7 +26,7 @@ LABEL org.opencontainers.image.title="jama" \
 ENV JAMA_VERSION=${VERSION}
-RUN apk add --no-cache sqlite sqlcipher python3 make g++ openssl-dev
+RUN apk add --no-cache sqlite python3 make g++ openssl-dev
 WORKDIR /app
diff --git a/backend/package.json b/backend/package.json
index 4e028dc..f85cdf4 100644
--- a/backend/package.json
+++ b/backend/package.json
@@ -1,6 +1,6 @@
 {
 "name": "jama-backend",
- "version": "0.9.1",
+ "version": "0.9.2",
 "description": "TeamChat backend server",
 "main": "src/index.js",
 "scripts": {
@@ -19,7 +19,7 @@
 "sharp": "^0.33.2",
 "socket.io": "^4.6.1",
 "web-push": "^3.6.7",
- "better-sqlite3-sqlcipher": "^9.4.3"
+ "better-sqlite3-multiple-ciphers": "^12.6.2"
 },
 "devDependencies": {
 "nodemon": "^3.0.2"
diff --git a/backend/scripts/encrypt-db.js b/backend/scripts/encrypt-db.js
index 591645c..71a8219 100644
--- a/backend/scripts/encrypt-db.js
+++ b/backend/scripts/encrypt-db.js
@@ -74,7 +74,7 @@ if (header.toString('ascii') !== MAGIC) {
 let Database;
 try {
- Database = require('better-sqlite3-sqlcipher');
+ Database = require('better-sqlite3-multiple-ciphers');
 } catch (e) {
 console.error('ERROR: better-sqlite3-sqlcipher is not installed.');
 console.error('Run: npm install better-sqlite3-sqlcipher');
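Review bot: The second hunk of backend/package.json declares the replacement driver as `"better-sqlite3-multiple-ciphers": "^12.6.2"`, a caret range on the native module that now supplies the database encryption, and this diff shows no lockfile change. Unless the image build installs from a committed lockfile with `npm ci` (not visible here), a rebuild may pull a newer 12.x release of the cipher code without review. Pinning the exact version, `"better-sqlite3-multiple-ciphers": "12.6.2"`, keeps upgrades of the encryption library a deliberate, reviewed change.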
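Review bot: In the `@@ -74,7 +74,7 @@` hunk of backend/scripts/encrypt-db.js the `require` now loads `better-sqlite3-multiple-ciphers`, but the two `console.error` lines in the `catch` still name the old package and tell the operator to `npm install better-sqlite3-sqlcipher`. Following that advice installs a module the script no longer loads, so the error repeats. The messages should read `console.error('ERROR: better-sqlite3-multiple-ciphers is not installed.');` and `console.error('Run: npm install better-sqlite3-multiple-ciphers');`. The `catch` block continues past the end of the hunk.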
@@ -95,20 +95,20 @@ try {
 console.log('Step 1/4 Opening plain database...');
 const plain = new Database(DB_PATH);
- // Create the encrypted copy using SQLCipher ATTACH + sqlcipher_export
+ // Create encrypted copy using sqlcipher_export via ATTACH
 console.log('Step 2/4 Encrypting to temporary file...');
 const safeKey = DB_KEY.replace(/'/g, "''");
- plain.exec(`
- ATTACH DATABASE '${encPath}' AS encrypted KEY '${safeKey}';
- SELECT sqlcipher_export('encrypted');
- DETACH DATABASE encrypted;
- `);
+ plain.exec(`ATTACH DATABASE '${encPath}' AS encrypted KEY '${safeKey}'`);
+ plain.exec(`SELECT sqlcipher_export('encrypted')`);
+ plain.exec(`DETACH DATABASE encrypted`);
 plain.close();
- // Verify the encrypted file opens correctly
+ // Verify the encrypted file opens correctly with cipher settings
 console.log('Step 3/4 Verifying encrypted database...');
 const enc = new Database(encPath);
- enc.pragma(`key = '${safeKey}'`);
+ enc.pragma(`cipher='sqlcipher'`);
+ enc.pragma(`legacy=4`);
+ enc.pragma(`key='${safeKey}'`);
 const count = enc.prepare("SELECT COUNT(*) as n FROM sqlite_master").get();
 enc.close();
 console.log(` OK — ${count.n} objects found in encrypted DB`);
diff --git a/backend/src/models/db.js b/backend/src/models/db.js
index 67e4387..430dfe9 100644
--- a/backend/src/models/db.js
+++ b/backend/src/models/db.js
@@ -1,4 +1,4 @@
-const Database = require('better-sqlite3-sqlcipher');
+const Database = require('better-sqlite3-multiple-ciphers');
 const path = require('path');
 const fs = require('fs');
 const bcrypt = require('bcryptjs');
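Review bot: In the `@@ -95,20 +95,20 @@` hunk of backend/scripts/encrypt-db.js the `cipher='sqlcipher'` and `legacy=4` pragmas are set only on the verification connection `enc`; the `plain` connection that runs `ATTACH DATABASE ... KEY` sets neither. The encrypted copy is therefore written with whatever cipher scheme the new library applies by default to an attached database, which I believe is not SQLCipher 4 for this driver (confirm against its documentation). If the two differ, step 3 fails, or the file ends up in a format that backend/src/models/db.js cannot open. Consider `plain.pragma("cipher='sqlcipher'");` and `plain.pragma('legacy=4');` before the ATTACH, and confirm that `sqlcipher_export` is provided by this driver. The enclosing `try` block starts and ends outside the hunk.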
@@ -18,9 +18,13 @@ function getDb() {
 }
 db = new Database(DB_PATH);
 if (DB_KEY) {
- // Apply encryption key — must be the very first pragma before any other DB access
- db.pragma(`key = '${DB_KEY.replace(/'/g, "''")}'`);
- console.log('[DB] Encryption key applied');
+ // Use SQLCipher4 AES-256-CBC — compatible with standard sqlcipher CLI and DB Browser
+ // Must be applied before any other DB access
+ const safeKey = DB_KEY.replace(/'/g, "''");
+ db.pragma(`cipher='sqlcipher'`);
+ db.pragma(`legacy=4`);
+ db.pragma(`key='${safeKey}'`);
+ console.log('[DB] Encryption key applied (SQLCipher4)');
 } else {
 console.warn('[DB] WARNING: DB_KEY not set — database is unencrypted');
 }
diff --git a/build.sh b/build.sh
index 6b9a8e8..fcb5020 100644
--- a/build.sh
+++ b/build.sh
@@ -13,7 +13,7 @@
 # ─────────────────────────────────────────────────────────────
 set -euo pipefail
-VERSION="${1:-0.9.1}"
+VERSION="${1:-0.9.2}"
 ACTION="${2:-}"
 REGISTRY="${REGISTRY:-}"
 IMAGE_NAME="jama"
diff --git a/frontend/package.json b/frontend/package.json
index b4e94b0..e8b3ff4 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -1,6 +1,6 @@
 {
 "name": "jama-frontend",
- "version": "0.9.1",
+ "version": "0.9.2",
 "private": true,
 "scripts": {
 "dev": "vite",
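Review bot: In the `@@ -18,9 +18,13 @@` hunk of backend/src/models/db.js nothing checks that the key and cipher settings actually unlock the file, so `[DB] Encryption key applied (SQLCipher4)` is logged even when `DB_KEY` is wrong or the database was written with different cipher parameters. This matters most on the first start after this driver swap, when an existing database from the previous library is opened with the new `cipher`/`legacy` settings. A cheap read right after the key pragma, `db.prepare('SELECT count(*) FROM sqlite_master').get();`, would fail fast at startup with a clear cause, as step 3 of encrypt-db.js already does. The success message should be logged only after that read returns. The body of `getDb` starts before and continues after this hunk.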