mark43 / dexie-encrypted

Licence: MIT license
Transparent encryption for IndexedDB using Dexie

Dexie-encrypted

This lets you transparently encrypt an IndexedDB database using Dexie.js. By default it uses tweetnacl.js, but you may use any encryption method you desire. Note that Dexie-encrypted cannot encrypt indices as doing this would make the database unsearchable.

Basic Usage

Create a Dexie database and call applyEncryptionMiddleware on it with your encryption key and encryption config.

Note: dexie-encrypted creates a database table to hold its configuration so you must also bump your database version.

import Dexie from 'dexie';
import { applyEncryptionMiddleware } from 'dexie-encrypted';

const db = new Dexie('MyDatabase');

// set the key and provide a configuration of how to encrypt at a table level.
applyEncryptionMiddleware(db, symmetricKey, {
    friends: encrypt.NON_INDEXED_FIELDS,
});

// If this is the first time you've encrypted bump the version number.
db.version(2).stores({
    friends: '++id, name, age',
});

await db.open();

const friend = {
    name: 'Camilla',
    age: 25,
    street: 'East 13th Street',
    picture: 'camilla.png',
};

// street and picture will be encrypted because they are not indices.
// id, name, and age will not be encrypted because they are indices.
await db.friends.add(friend);

Arguments

applyEncryptionMiddleware(db, key, config, onKeyChange);
  • db - a Dexie database that has not had .version called.
  • key - a Uint8Array of length 32, or a promise that will resolve with one. This will be used for both encryption and decryption.
  • config - a table level configuration that determines how dexie-encrypted will encrypt.
  • onKeyChange(db): Promise - Use this to clear your database or perform other actions when the database cannot be decrypted. We have provided encrypt.clearAllTables and encrypt.clearEncryptedTables to make this simpler. Setup will resume when the returned promise resolves.

Key Error Utility Functions

  • clearAllTables(db): Promise - clears all data from the database.
  • clearEncryptedTables(db): Promise - clears data from all the encrypted tables, leaving unencrypted tables untouched.

Configuration

Table Level Config

Dexie-encrypted will only encrypt tables you choose. It can be configured to encrypt all the data of a table, or you may select fields to encrypt or leave unencrypted. Fields can be any data type that can be added to IndexedDB, but must be top level fields.

  • encrypt.NON_INDEXED_FIELDS - all data other than indices will be encrypted.
  • encrypt.UNENCRYPTED_LIST - all data other than indices and listed fields will be encrypted.
  • encrypt.ENCRYPT_LIST - listed fields will be encrypted.

encrypt(db, symmetricKey, {
    users: encrypt.NON_INDEXED_FIELDS,
    friends: {
        type: encrypt.UNENCRYPTED_LIST,
        fields: ['street', 'picture'], // these two fields and indices will be plain text
    },
    enemies: {
        type: encrypt.ENCRYPT_LIST,
        fields: ['picture', 'isMortalEnemy'], // note: these cannot be indices
    },
});

Using custom encryption methods

The default will encrypt with tweetnacl, which at the time of publishing was the fastest method available, even faster than native WebCrypto. However, you may choose to use your own encryption methods. The main file of the repo contains a good example of this.

import { applyMiddlewareWithCustomEncryption } from 'dexie-encrypted/dist/applyMiddleware';
import { myCustomEncryptionMethod, myCustomDecryptionMethod } from './myEncryption';

applyMiddlewareWithCustomEncryption({
    db,
    encryptionKey,
    tableSettings,
    encrypt: myCustomEncryptionMethod, // <--- right here
    decrypt: myCustomDecryptionMethod, // <--- and here
    onKeyChange,
});

Note that this method takes a config object rather than several arguments.

Custom Encryption Methods

See the defaults for an example.

  • customEncryptionMethod(key: Uint8Array, object: any) - This method receives an object containing only the fields that must be encrypted. It's up to you to serialize it, encrypt it, and return the encrypted data. It expects a Uint8Array to be returned from encryption.
  • customDecryptionMethod(key: Uint8Array, encryptedData: Uint8Array) - This method receives the data as it was returned from the encryption method. It must decrypt and deserialize it into an object. The returned value will be spread on to a new object with the unencrypted data.

Keys - Do not store your key locally without encryption.

Creating and persisting the key is not a part of this library. The best way to handle this is to have the back end generate a key for you, keeping it unique per user or per session. You may use some other user-provided data, such as a password, to generate the encryption key, but do not store it in LocalStorage or a cookie, as this would allow anyone with access to the computer to derive the key and decrypt the database.

Strategies for storing keys

Password based

If you don't have a back end, or can't add this API to your back end, you may use the user's password or other information that is not stored locally. The simplest way to do this is to use the password or a hash of it. This has the disadvantage that you must reencrypt the full database if the user changes their password. An alternative is to generate a random key, then store it encrypted with the user's password. With this method when the user changes their password you only need to reencrypt their key, rather than the entire database.
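
The random-key alternative described above, as an added example that is not part of dexie-encrypted or its README. It uses Node's built-in crypto module (scrypt for the password-derived key, AES-256-GCM for wrapping) so it runs offline; the function names, record layout and scrypt parameters are assumptions.

```javascript
// Added example (not from dexie-encrypted): password-wrapped database key.
const nodeCrypto = require('node:crypto');

const SCRYPT = { N: 16384, r: 8, p: 1 }; // assumed work factor; tune per device

// Derive a 32-byte key-encryption key (KEK) from the password and a random salt.
function deriveKek(password, salt) {
    return nodeCrypto.scryptSync(password, salt, 32, SCRYPT);
}

// Encrypt the database key under the KEK with AES-256-GCM.
function wrapKey(dbKey, password) {
    const salt = nodeCrypto.randomBytes(16);
    const nonce = nodeCrypto.randomBytes(12);
    const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKek(password, salt), nonce);
    const ct = Buffer.concat([cipher.update(dbKey), cipher.final()]);
    // Only this record is persisted locally; the raw key and password are not.
    return {
        salt: salt.toString('base64'),
        nonce: nonce.toString('base64'),
        ct: ct.toString('base64'),
        tag: cipher.getAuthTag().toString('base64'),
    };
}

// Recover the database key; throws if the password is wrong or the record was altered.
function unwrapKey(record, password) {
    const b64 = (s) => Buffer.from(s, 'base64');
    const kek = deriveKek(password, b64(record.salt));
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', kek, b64(record.nonce));
    decipher.setAuthTag(b64(record.tag));
    const key = Buffer.concat([decipher.update(b64(record.ct)), decipher.final()]);
    return new Uint8Array(key); // 32 bytes, the key shape applyEncryptionMiddleware takes
}

// First run: generate a random database key and wrap it under the password.
function createWrappedKey(password) {
    const dbKey = new Uint8Array(nodeCrypto.randomBytes(32));
    return { dbKey, record: wrapKey(dbKey, password) };
}

// Password change: re-wrap the same database key; encrypted rows are untouched.
function changePassword(record, oldPassword, newPassword) {
    return wrapKey(unwrapKey(record, oldPassword), newPassword);
}
```

The value returned by unwrapKey is what would be passed as the key argument; the wrapped record is the only key material that is stored.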

Back End

Using a back end lets you ensure that only a logged in user can have access to the data in your database, but it does mean that the user won't be able to access this data offline.

Upgrades

Dexie-encrypted saves your configuration to a database table. If you change your encryption configuration, it will run the onKeyChange callback. In this callback you can clear the existing tables and provide new data, or do whatever you choose.

Notes

  • You cannot encrypt indices. In the future it may be possible, but doing so would require overriding Dexie's where function and more. A PR adding this functionality would be accepted.
  • The shape of objects does not change; if name is a string that must be encrypted it will be an empty string in the database. Numbers are saved as 0, and booleans as false. This is an optimization that prevents the browser from needing to create hidden classes.
  • Tables missing from your configuration will not be encrypted.
  • The WebCrypto standard was not used because it doesn't offer a synchronous API, and that does not play well with IndexedDB transactions. Surprisingly, it's also much slower than tweetnacl.js. The browser's built-in crypto can still be used for entropy.