npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

pouchdb-crypto

v1.0.4

Published

encrypted pouchdb/couchdb database

Downloads

243

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

tranduyminhmantranduyminhman

Keywords

pouchdbcouchdbencrypted

Readme

About

Fork from https://github.com/calvinmetcalf/crypto-pouch

Bug: The data cannot be synchronized to remoteDBd when was encrypted

Changed: Ignore more property _revisions in index.js file at line 18. Thanks Tien Tran for figured out this issue.

crypto pouch Build Status

Plugin to encrypt a PouchDB/CouchDB database.

var db = new PouchDB('my_db');

db.crypto(password);
// all done, docs should be transparently encrypted/decrypted

db.removeCrypto();
// will no longer encrypt decrypt your data

It encrypts with the AES-GCM using native crypto which prefers the native version in node or the web crypto version in the browser, falling back to the version from crypto browserify if no native version exists. Chacha20-Poly1305 is also available and previous versions defaulted to this algorithm. You might consider using this if your app will primarily be used in browsers that don't support the web crypto api (e.g. safari).

Note: Attachments cannot be encrypted at this point. Use {ignore: '_attachments'} to leave attachments unencrypted. Also note that db.putAttachment / db.getAttachment are not supported. Use db.put and db.get({binary: true, attachment: true}) instead. (#18).

This only encrypts the contents of documents, NOT THE ID (or rev). So if you have a document with the id plan_to_screw_over_db_admin, while this plugin will happily encrypt that document, that may not be as helpful as you'd want it to be.

Usage

This plugin is hosted on npm. To use in Node.js:

npm install pouchdb-crypto

API

db.crypto(password [, options])

Set up encryption on the database.

If the second argument is an object:

  • options.ignore
    String or Array of Strings of properties that will not be encrypted.
  • options.digest
    Any of sha1, sha256, sha512 (default).
  • options.algorithm Valid options are chacha20 and aes-gcm (default).
  • iterations How many iterations of pbkdf2 to perform, defaults to 100000 (1000 in older versions).
  • key If passed a 32 byte buffer then this will be used as the key instead of it being generated from the password. Warning this buffer will be randomized when encryption is removed so pass in a copy of the buffer if that will be a problem.
  • password You can pass the options object as the first param if you really want and pass in the password in as an option.
  • cb A function you can pass in to get the derived key back called with 2 parameters, an error if there is one and the key if no error. Warning this buffer will be randomized when encryption is removed copy it or convert it to a string if that will be a problem.

db.removeCrypto()

Disables encryption on the database and randomizes the key buffer.

Details

If you replicate to another database, it will decrypt before sending it to the external one. So make sure that one also has a password set as well if you want it encrypted too.

If you change the name of a document, it will throw an error when you try to decrypt it. If you manually move a document from one database to another, it will not decrypt correctly. If you need to decrypt it a file manually you will find a local doc named _local/crypto in the database. This doc has fields named salt which is a hex-encoded buffer, digest which is a string, iterations which is an integer to use and algo which is the encryption algorithm. Run pbkdf2 your password with the salt, digest and iterations values from that document as the parameters generate a 32 byte (256 bit) key; that is the key for decoding documents. If digest, iterations, or algo are not on the local document due to it being created with an older version of the library, use 'sha256', 1000, and 'chacha20' respectively.

Each document has 3 relevant fields: data, nonce, and tag. nonce is the initialization vector to give to the encryption algorithm in addition to the key you generated. Pass the document _id as additional authenticated data and the tag as the auth tag and then decrypt the data. If it throws an error, then you either screwed up or somebody modified the data.

Examples

Derive key from password and salt

db.get('_local/crypto').then(function (doc) {
  return new Promise(function (resolve, reject) {
    crypto.pbkdf2(password, doc.salt, doc.iterations, 256/8, doc.digest, function (err, key) {
      if (err) {
        return reject(err);
      }
      resolve(key);
    });
  });
}).then(function (key) {
  // you have the key
});

Decrypt a document encrypted with chacha

var chacha = require('chacha');

db.get(id).then(function (doc) {
  var decipher = chacha.createDecipher(key, new Buffer(doc.nonce, 'hex'));
  decipher.setAAD(new Buffer(doc._id));
  decipher.setAuthTag(new Buffer(doc.tag, 'hex'));
  var out = decipher.update(new Buffer(doc.data, 'hex')).toString();
  decipher.final();
  // parse it AFTER calling final
  // you don't want to parse it if it has been manipulated
  out = JSON.parse(out);
  out._id = doc._id;
  out._rev = doc._rev;
  return out;
});

Decrypt a document encrypted with aes-gcm

var decrypt = require('native-crypto/decrypt');

db.get(id).then(function (doc) {
  var encryptedData =  Buffer.concat([
    new Buffer(doc.data, 'hex'),
    new Buffer(doc.tag, 'hex')
  ]);
  return decrypt(key, new Buffer(doc.nonce, 'hex'), encryptedData, new Buffer(doc._id)).then(function (resp) {
    var out = JSON.parse(resp.toString());
    out._id = doc._id;
    out._rev = doc._rev;
    return out;
  });
});