Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

crypto-pouch

Package Overview
Dependencies
Maintainers
1
Versions
16
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

crypto-pouch

encrypted pouchdb/couchdb database

  • 1.1.0
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
372
decreased by-26.48%
Maintainers
1
Weekly downloads
 
Created
Source

crypto pouch Build Status

Plugin to encrypt a PouchDB/CouchDB database.

var db = new PouchDB('my_db');

db.crypto(password).then(function (publicKey) {
  // all done, you got a public key
});

db.removeCrypto(); // will no longer encrypt decrypt your data

It currently encrypts with the Chacha20-Poly1305 algorithm, but this may be changed to AES256-GCM when Node 0.12.0 drops.

Usage

This plugin is hosted on npm. To use in Node.js:

npm install crypto-pouch

If you want to use it in the browser, download the browserified version from wzrd.in and then include it after pouchdb:

<script src="pouchdb.js"></script>
<script src="pouchdb.crypto-pouch.js"></script>

API

db.crypto(password [, diffieHellman])

Set up encryption on the database. Returns a promise.

If the second argument is a string, it is taken to be a Diffie-Hellman ModP group and if a buffer then a prime and the password is interpreted as a Diffie-Hellman public key. If so, the public key for use with the database is returned; you can use that to calculate the shared secret which is needed for subsequently opening the data set.

db.removeCrypto()

Disables encryption on the database.

Details

If you replicate to another database, it will decrypt before sending it to the external one. So make sure that one also has a password set as well if you want it encrypted too.

If you change the name of a document, it will throw an error when you try to decrypt it. If you manually move a document from one database to another, it will not decrypt correctly. If you need to decrypt it a file manually you will find a local doc named _local/crypto in the database. This doc has a field named salt which is a hex-encoded buffer. Run on your password with that as salt for 1000 iterations to generate a 32 byte (256 bit) key; that is the key for decoding documents.

Each document has 3 relevant fields: data, nonce, and tag. nonce is the initialization vector to give to chacha20 in addition to the key you generated. Pass the document _id as additional authenticated data and the tag as the auth tag and then decrypt the data. If it throws an error, then you either screwed up or somebody modified the data.

Examples

Derive key from password and salt

db.get('_local/crypto').then(function (doc) {
  return new Promise(function (resolve, reject) {
    crypto.pbkdf2(password, doc.salt, 1000, 256/8, function (err, key) {
      if (err) {
        return reject(err);
      }
      resolve(key);
    });
  });
}).then(function (key) {
  // you have the key
});

Decrypt a document

var chacha = require('chacha');

db.get(id).then(function (doc) {
   var decipher = chacha.createDecipher(key, new Buffer(doc.nonce, 'hex'));
  decipher.setAAD(new Buffer(doc._id));
  decipher.setAuthTag(new Buffer(doc.tag, 'hex'));
  var out = decipher.update(new Buffer(doc.data, 'hex')).toString();
  decipher.final();
  // parse it AFTER calling final
  // you don't want to parse it if it has been manipulated
  out = JSON.parse(out);
  out._id = doc._id;
  out._rev = doc._rev;
  return out;
});

Diffie Hellman

Diffie Hellman is an algorithm that allows 2 parties to create a secure key while only communicating via public channels. I'm not sure how useful this option will be in practice but I have a vague notion of how it might be useful.

For instance suppose Arthur needed some data from Beatrix but they could only communicate over twitter and pastebin. Arthur could run in node (version 0.11 or higher)

var crypto = require('crypto');
var dh = crypto.getDiffieHellman('modp14');
dh.generateKeys();
console.log('public', dh.getPublicKey('hex'));
console.log('private', dh.getPrivateKey('hex'));

Arthur could then save his private key and post on pastebin the public key and modp14.

Beatrix then creates a pouchdb with the cryto plugin and opens it with

db.crypto(new Buffer('the public key', 'hex'), 'modp14').then(function (public) {
  console.log('public', public.toString('hex'));
  // fill it up with data
});

then Beatrix could zip up the leveldb folder and include a note with the public key, and post it somewhere.

Arthur could then run

var crypto = require('crypto');
var dh = crypto.createDiffieHellman(crypto.getDiffieHellman('modp14').getPrime());
// the above throws an error in node 0.10 due to a bug
dh.setPrivateKey('private key from earlier', 'hex');
dh.generateKeys();
var secret = dh.computeSecret('public key from Beatrix', 'hex');

and Arthur could then use that to open the database.

To run it in node 0.10 Arthur would need to generate a custom prime with

var crypto = require('crypto');
var dh = crypto.createDiffieHellman(512);
// this can be very slow
dh.generateKeys();
console.log('public', dh.getPublicKey('hex'));
console.log('private', dh.getPrivateKey('hex'));
console.log('prime', dh.getPrime('hex'));

and send the prime to Beatrix who would run

db.crypto(new Buffer('the public key', 'hex'), new Buffer('prime', 'hex')).then(function (public) {
  console.log('public', public.toString('hex'));
  // fill it up with data
});

and Arthur would run

var crypto = require('crypto');
var dh = crypto.createDiffieHellman(new Buffer('prime', 'hex'));
// the above throws an error in node 0.10 due to a bug
dh.setPrivateKey('private key from earlier', 'hex');
dh.generateKeys();
var secret = dh.computeSecret('public key from Beatrix', 'hex');

Keywords

FAQs

Package last updated on 26 Nov 2014

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc