Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
@tabcat/encrypted-docstore
Advanced tools
create and mount encrypted orbit-db docstores
DISCLAIMER: cryptography in this repo has been implemented by an amateur and has not been auditted.
Please :fire:roast:fire: me in Issues if u find a vulnerability.
NOTE: version 3.0.0 changes how EncryptedDocstore determines the orbitdb address, this is a breaking change. Some changes have been made to the api as well, mostly naming.
TODO:
extend the docstore instead of wrap it.
make every entry iv deterministic? based off anything unique besides orbit id and clock with the goal of having duplicate entries from different nodes collapse.
install with npm:
npm install @tabcat/encrypted-docstore
create orbitdb instance: https://github.com/orbitdb/orbit-db/blob/master/README.md#usage
create encrypted docstore:
const EncryptedDocstore = require('@tabcat/encrypted-docstore')
// create the encryption key
const aesKey = EncryptedDocstore.generateKey()
// create the docstore with orbitdb:
const dbConfig = { name:'asdf', options: {} } // type will always be 'docstore'
const encAddr = await EncryptedDocstore.determineAddress(orbitdb, dbConfig, aesKey)
const docstore = await orbitdb.docs(encAddr, dbConfig.options)
const encDocstore = await EncryptedDocstore.mount(docstore, aesKey)
// get,put, del, query all exposed on encDocstore and returned results should be identical to docstore methods
EncDoc = EncryptedDocstore
mount an encrypted docstore
docstore: orbit docstore made with name from EncDoc.determineEncDbName or address from EncDoc.determineEncDbAddress
aesKey: instance of AesKey from generateKey, deriveKey, or importKey static methods.
returns a promise that resolves to an instance of EncDoc
determine the docstore address for the encryptedDocstore, this is adding a way to check the aesKey against the db name
orbitdb: an instance of OrbitDB
dbConfig: an object containing name and options for an orbit store settings
aesKey: instance of AesKey from generateKey, deriveKey, or importKey static methods.
returns a promise that resolves to an instance of orbit address
check if an orbitdb address and aesKey are a match
encAddr: instance of orbit address from EncDoc.determineAddress
aesKey: instance of AesKey from generateKey, deriveKey, or importKey static methods.
returns a promise that resolves to a boolean
generates a new aesKey
length: number, aesKey length, defaults to 128. can be 128, 192, or 256
returns an instance of AesKey
derive an instance of AesKey from bytes and salt, uses PBKDF2 with 10k iterations
bytes: Uint8Array made from randomness or a strong password
salt: Uint8Array to be used as salt for deriving the key, optimally a 128bit random value
length: number, aesKey length, defaults to 128. can be 128, 192, or 256
returns an instance of AesKey
import an exported aesKey
rawKey: Uint8Array from EncDoc.exportKey
returns an instance of AesKey
export an aesKey
aesKey: instance of AesKey
returns a Uint8Array rawKey
see: https://github.com/orbitdb/orbit-db/blob/master/API.md#getkey-1
differences:
see: https://github.com/orbitdb/orbit-db/blob/master/API.md#putdoc
no visible differences
see: https://github.com/orbitdb/orbit-db/blob/master/API.md#delkey-1
no visible differences
see: https://github.com/orbitdb/orbit-db/blob/master/API.md#querymapper
differences:
FAQs
mount encrypted docstores with a key
The npm package @tabcat/encrypted-docstore receives a total of 2 weekly downloads. As such, @tabcat/encrypted-docstore popularity was classified as not popular.
We found that @tabcat/encrypted-docstore demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.