dexie-encrypted
This lets you transparently encrypt an IndexedDB database using Dexie.js and tweetnacl.js.
Create a Dexie database and call encrypt on it with your encryption key in a Uint8Array.
Note: dexie-encrypted creates a database table to hold its configuration so you must also bump your database version.
```js
import Dexie from 'dexie';
import encrypt from 'dexie-encrypted';

const db = new Dexie('MyDatabase');

// symmetricKey is your own 32-byte Uint8Array (or a promise that resolves with one).
// set the key and provide a configuration of how to encrypt at a table level.
encrypt(db, symmetricKey, {
    friends: encrypt.NON_INDEXED_FIELDS,
});

// If this is the first time you've encrypted bump the version number.
db.version(2).stores({
    friends: '++id, name, age',
});

await db.open();

const friend = {
    name: 'Camilla',
    age: 25,
    street: 'East 13th Street',
    picture: 'camilla.png',
};

// street and picture will be encrypted because they are not indices.
// id, name, and age will not be encrypted because they are indices.
await db.friends.add(friend);
```
```js
encrypt(db, key, config);
```

- db - a Dexie database that has not had .version called.
- key - a Uint8Array of length 32, or a promise that will resolve with one. This will be used for both encryption and decryption.
- config - a table level configuration that determines how dexie-encrypted will encrypt.

Dexie-encrypted can be configured to encrypt all the data of a table, to whitelist fields that are non-sensitive, or to blacklist sensitive fields.

- encrypt.NON_INDEXED_FIELDS - all data other than indices will be encrypted.
- encrypt.WHITELIST - all data other than indices and whitelisted fields will be encrypted.
- encrypt.BLACKLIST - listed fields will be encrypted.

```js
encrypt(db, symmetricKey, {
    users: encrypt.NON_INDEXED_FIELDS,
    friends: {
        type: encrypt.WHITELIST,
        fields: ['street', 'picture'], // these two fields and indices will be plain text
    },
    enemies: {
        type: encrypt.BLACKLIST,
        fields: ['picture', 'isMortalEnemy'], // note: these cannot be indices
    },
});
```
Creating and persisting the key is not a part of this library. To generate a key, tweetnacl provides a method to generate a random array; you can also do what it does under the hood and use webcrypto directly. Most likely, though, you should have a back end generate a key and send it to you. Take a look at the documentation for Uint8Array and TextEncoder/TextDecoder to figure out the best method for you.
If you don't have a back end, or can't add this API to your back end, you may use the user's password or other information that is not stored locally. The simplest way to do this is to use the password or a hash of it. This has the disadvantage that you must re-encrypt the full database if the user changes their password. An alternative is to generate a random key, then store it encrypted with the user's password. With this method, when the user changes their password, you only need to re-encrypt their key rather than the entire database.
Using a back end lets you ensure that only a logged-in user can have access to the data in your database, but it does mean that the user won't be able to access this data offline.
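The alternative described above (a random database key stored encrypted with the user's password) can be built on WebCrypto as sketched here. This is an added example, not code from dexie-encrypted; the function names, the PBKDF2-SHA-256 derivation with its iteration count, and AES-GCM as the wrapping cipher are assumptions chosen for illustration.

```javascript
// Added example (not part of dexie-encrypted); all function names are hypothetical.
// Browsers and Node 19+ expose WebCrypto as globalThis.crypto; older Node uses the fallback.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const PBKDF2_ITERATIONS = 600000; // assumption: tune to your own latency budget

// First run: the random 32-byte key that is passed to encrypt(db, key, config).
function generateDbKey() {
  return webcrypto.getRandomValues(new Uint8Array(32));
}

// Derive an AES-GCM key-encryption key (KEK) from the password and a random salt.
async function deriveKek(password, salt) {
  const material = await webcrypto.subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return webcrypto.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: PBKDF2_ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Encrypt the database key under the password. The record contains no secret
// in the clear, so it can be persisted locally next to the database.
async function wrapKey(dbKey, password) {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const kek = await deriveKek(password, salt);
  const ct = await webcrypto.subtle.encrypt({ name: 'AES-GCM', iv }, kek, dbKey);
  return { salt, iv, wrapped: new Uint8Array(ct) };
}

// Recover the database key. AES-GCM is authenticated, so a wrong password
// rejects instead of silently yielding a garbage key.
async function unwrapKey(record, password) {
  const kek = await deriveKek(password, record.salt);
  const pt = await webcrypto.subtle.decrypt(
    { name: 'AES-GCM', iv: record.iv }, kek, record.wrapped);
  return new Uint8Array(pt);
}

// Password change: re-encrypt only the record, with a fresh salt and IV.
// The database key is unchanged, so the database is not re-encrypted.
async function changePassword(record, oldPassword, newPassword) {
  return wrapKey(await unwrapKey(record, oldPassword), newPassword);
}
```

Because `encrypt` accepts a promise for the key, the promise returned by `unwrapKey(record, password)` can be passed directly as its `key` argument.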
Dexie-encrypted saves your configuration to a database table. If you change your encryption configuration, it will automatically re-encrypt the database the next time it's opened.
where function and more. A PR adding this functionality would be accepted.
name is a string that must be encrypted it will be an empty string in the database. Numbers are saved as 0, and booleans as false. This is an optimization that prevents the browser from needing to create hidden classes.
Encryption middleware for Dexie
The npm package dexie-encrypted receives a total of 2,063 weekly downloads. As such, its popularity was classified as popular.
We found that dexie-encrypted demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.