couch-box
Asymmetric encrypted CouchDB documents, powered by NaCl's curve25519-xsalsa20-poly1305.
couch-box uses TweetNaCl.js, a port of TweetNaCl / NaCl to JavaScript for modern browsers and Node.js by Dmitry Chestnykh (@dchest).
The use of the widely ported cryptography library NaCl makes it possible to
implement this encryption schema in other, possibly more secure platforms, for
example with Python and CouchDB.
:warning: Only to play around! Not yet ready for production use.
Installation
couch-box is hosted on npm.
Node
Install via npm install couch-box
Usage
// The database key pair is a NaCl box key pair; the secret half stays with the database owner.
var databaseKeyPair = require('tweetnacl').box.keyPair()
// couch-box itself is loaded here (the original line required 'tweetnacl' a second time, which returns no function).
var box = require('couch-box')(databaseKeyPair)
var doc = {
  _id: 'mydoc',
  box: {
    text: 'a secret text'
  },
  public: 'some public visible property'
}
box(doc)       // encrypts the `box` property in place; `public` stays readable
box.open(doc)  // decrypts the `box` property again with the database key pair
box.close()
Details
Each document is encrypted with its own key: 32 random bytes used with NaCl
secret-key authenticated encryption. For each database key that was given
access to the document, a permit is included in the document. This empowers the
owner to grant access to other accounts on a per-document basis.
In order to create the doc permit we:
- Create an ephemeral key pair
- Create a nonce
- Encrypt the document key with that nonce, the receiver's public database key and the ephemeral secret key
{
  "_id": "a069f1041735910cf8f613d20000116b",
  "box": {
    "ephemeral": "PuiUBvQY+7ZFPXXUQ1N2eNE9tgPgIkT1uWj9rpShwXY=",
    "nonce": "zGDblW4Ov8sMKG3YcV/BISueH+REtDr3",
    "receivers": {
      "2XiwPX1U6pKPitmhyeubV9g4YYxtIxNfMNE6B5keEmg=": {
        "nonce": "pSquTTn+/I7REorstK6hSYeKizajtu65",
        "encryptedKey": "GXEfX7V3IwA0izAAJ3HIRCzxDFIUfxMq82QO49ITwKzbi+S+5TanJ/9ubmxOUyBh"
      }
    },
    "cipher": "D9xRZl+/k0gvdBx33CGKaGfLTH731T6jhkMXfh9GfVxETGmTcpzqSJNQ42GPzsafycpdSd7ZTTWBO2vXu06dCha/X8P8C+F6Po+LeerJhKgG"
  }
}
Testing
npm test