search

calvinmetcalf / crypto-pouch

plugin for encrypted pouchdb/couchdb databases
MIT License
243 stars 44 forks source link

Questions around transparent encryption. #68

Closed redixhumayun closed 3 years ago

redixhumayun commented 5 years ago

Hey, I have some questions around what exactly transparent encryption entails.

I have a setup where I replicate from CouchDB to PouchDB on initial load. When I try to encrypt the PouchDB, I am still able to read documents from the database and log it in the browser.

How do I encrypt the database so as to prevent any read / write to the DB unless the DB is decrypted by providing the correct PIN?

calvinmetcalf commented 5 years ago

I have a setup where I replicate from CouchDB to PouchDB on initial load. When I try to encrypt the PouchDB, I am still able to read documents from the database and log it in the browser.

so once you set up the pouchdb instance to be encrypted it still looks like its decrypted because crypto-pouch handles decryption and encryption, if you were to just try to open the database without adding crypto-pouch you wouldn't be able to read it

How do I encrypt the database so as to prevent any read / write to the DB unless the DB is decrypted by providing the correct PIN?

by not setting up the encryption until the user supplies the PIN

redixhumayun commented 5 years ago

What do you mean when you say that if I were to open the database without adding crypto-pouch I wouldn't be able to read it? It would have to be encrypted before I should not be able to read it right?

by not setting up the encryption until the user supplies the PIN

So I encrypt after the user provides the PIN? Sorry, that seems to be backwards and its leaving me a little confused.

calvinmetcalf commented 5 years ago

you need to open the database using the pin before you write anything to it, otherwise it won't be encrypted because it needs the pin in order to encrypt things.

What do you mean when you say that if I were to open the database without adding crypto-pouch I wouldn't be able to read it? It would have to be encrypted before I should not be able to read it right?

i mean if you were to sync the database and reload the page this time not using crypto pouch to read the pouchdb you wouldn't be able to read the database without the pin

garbados commented 3 years ago

Hey, closing this issue since it seems Calvin got you some answers. Let me know if you're still having trouble and I'll be happy to help :)