Encrypted documents are replicated to the remote couch

[honzajerabek]

Hi I've set up crypto pouch with my PouchDB, which is live replicated to the remote CouchDb. I released this update and during the first 24h I've found that at least one user has encrypted documents stored on the remote CouchDb. Needless to say, the release was used at least by 1000 users, whose data weren't encrypted on the couchDb

Since I've immediately reverted the release and forced-delete the local pouch for all users, the _local/crypto document is also lost and there is no way of getting the key for decrypt. -- I've reverted the previous document _rev to the user and everything is fine now..

However, how is it possible to have data encrypted on the remote? Has anyone experienced this?

I'm using the standard set up -

PouchDB.plugin(cryptoPouch)
const localDb = new PouchDB(name)
localDb.crypto(pass)

localDb.sync(remoteDb, { live:true, retry: true })

the user's browser was Chrome 65 and macOS

[calvinmetcalf]

yeah there seams to be some issues with transform pouch that this is built around

[garbados]

Hi @honzajerabek ! We just published 4.0, which includes a significant refactor and removes / updates many dependencies. I invite you to try again and let me know how it goes. I'm going to close this issue for now but I can re-open it if you'd like :)