garbados / comdb

A PouchDB plugin that transparently encrypts and decrypts its data.

Recipe for Encrypting remote DB in place #27

Closed jjtolton closed 2 years ago

jjtolton commented 2 years ago

Now that https://github.com/garbados/comdb/issues/21 is complete, I'm SO excited for this!

One issue is that I have many remote DBs with encrypted data on them. Because of the way replication works, I'm not sure how to encrypt the data in place. Do you have any suggestions?

Edit: (I MEANT to say DBs with unencrypted data... this confusion was resolved below)

garbados commented 2 years ago

I'm not sure I understand. You have remote databases with encrypted data on them... but you want to encrypt the data in-place? Do you mean you have decrypted databases you want to encrypt in-place, or that you want to double-encrypt those databases?

jjtolton commented 2 years ago

Sorry - I have remote databases that are unencrypted. I want to upgrade from unencrypted pouchdb to comdb. All of my data is currently unencrypted.

On Fri, May 6, 2022 at 10:31 AM Diana Thayer @.***> wrote:

I'm not sure I understand. You have remote databases with encrypted data on them... but you want to encrypt the data in-place? Do you mean you have decrypted databases you want to encrypt in-place, or that you want to double-encrypt those databases?


garbados commented 2 years ago

Great! I can help with that.

garbados commented 2 years ago

I've added a working example here https://github.com/garbados/comdb/pull/28 that I believe should suit your needs. I'm in the process of ensuring its explanatory text is up to snuff, but you can use it right now. Read the source and write your own script for doing this, the essential parts of which are as follows:

// connect to the original database
const db = new PouchDB(ORIGINAL_DB)
// set up the encrypted transient copy
await db.setPassword(PASSWORD, { name: TRANSIENT_DB })
// save the export string needed to decrypt documents
const exportString = await db.exportComDB()
// reset the original database
await db.destroy({ unencrypted_only: true })
// replicate from the encrypted transient copy to the empty original database
await PouchDB.replicate(db._encrypted, ORIGINAL_DB)
// destroy the transient copy now that everything has been copied to the original
await db._encrypted.destroy()
// set up the now-encrypted database with the export string needed to decrypt docs
const db2 = new PouchDB(TRANSIENT_DB_2, { adapter: 'memory' })
await db2.importComDB(PASSWORD, exportString, { name: ORIGINAL_DB })

Now your database is encrypted! Note that the database will be unavailable while you do this so turn off any apps that rely on this database while you encrypt your data. Once it's done, you can turn them back on -- provided they now use ComDB to read those encrypted docs.

Does that make sense?
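A check to run once the in-place encryption above has finished (an added example, not part of the comment above or of the ComDB code base): it searches documents read from the database without ComDB for any string that appeared in the original plaintext documents, including their `_id` values. It calls neither PouchDB nor ComDB; `collectNeedles`, `findPlaintextLeaks`, the sample documents and the `payload` field name in them are hypothetical and constructed for illustration.

```javascript
// Added example: post-migration plaintext check. Works on plain arrays of docs.

// Collect every string worth searching for from the pre-migration documents.
function collectNeedles (docs, minLength = 4) {
  const needles = new Set()
  const walk = (value) => {
    if (typeof value === 'string') {
      if (value.length >= minLength) needles.add(value) // skip very short strings
    } else if (value && typeof value === 'object') {
      Object.values(value).forEach(walk) // arrays and nested objects
    }
  }
  for (const doc of docs) {
    const { _rev, ...rest } = doc // revision ids are not sensitive content
    walk(rest)
  }
  return needles
}

// Return one finding per raw document that still contains a known plaintext string.
function findPlaintextLeaks (originalDocs, rawDocsAfter) {
  const needles = [...collectNeedles(originalDocs)]
  const findings = []
  for (const raw of rawDocsAfter) {
    const haystack = JSON.stringify(raw)
    // Compare against the JSON-escaped form so quotes and backslashes still match.
    const hits = needles.filter((n) => haystack.includes(JSON.stringify(n).slice(1, -1)))
    if (hits.length > 0) findings.push({ rawId: raw._id, hits })
  }
  return findings
}

// Constructed sample data: what the database held before the migration...
const before = [
  { _id: 'patient:1001', _rev: '1-abc', name: 'Ada Example', notes: ['allergic to "penicillin"'] },
  { _id: 'patient:1002', _rev: '1-def', name: 'Bob Example', age: 41 }
]
// ...and two constructed reads taken afterwards (the `payload` field is an assumption).
const afterClean = [
  { _id: '9f2c1e', payload: 'b3BhcXVlLWNpcGhlcnRleHQtMQ==' },
  { _id: '41aa07', payload: 'b3BhcXVlLWNpcGhlcnRleHQtMg==' }
]
const afterLeaky = [...afterClean, before[1]] // one document was never encrypted

console.log(findPlaintextLeaks(before, afterClean))
console.log(JSON.stringify(findPlaintextLeaks(before, afterLeaky)))
```

The snapshot passed as `originalDocs` has to be taken before the step that resets the original database, and should be kept only as long as the check needs it.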

jjtolton commented 2 years ago

Diana, this is brilliant! And you can even use the same technique to decrypt a database as well. Great work!

On Fri, May 6, 2022 at 2:00 PM Diana Thayer @.***> wrote:

I've added a working example here #28 https://github.com/garbados/comdb/pull/28 that I believe should suit your needs. I'm in the process of ensuring its explanatory text is up to snuff, but you can use it right now. Read the source and write your own script for doing this, the essential parts of which are as follows:

// connect to the original database
const db = new PouchDB(ORIGINAL_DB)
// set up the encrypted transient copy
await db.setPassword(PASSWORD, { name: TRANSIENT_DB })
// save the export string needed to decrypt documents
const exportString = await db.exportComDB()
// reset the original database
await db.destroy({ unencrypted_only: true })
// replicate from the encrypted transient copy to the empty original database
await PouchDB.replicate(db._encrypted, ORIGINAL_DB)
// destroy the transient copy now that everything has been copied to the original
await db._encrypted.destroy()
// set up the now-encrypted database with the export string needed to decrypt docs
const db2 = new PouchDB(TRANSIENT_DB_2, { adapter: 'memory' })
await db2.importComDB(PASSWORD, exportString, { name: ORIGINAL_DB })

Now your database is encrypted! Note that the database will be unavailable while you do this so turn off any apps that rely on this database while you encrypt your data. Once it's done, you can turn them back on -- provided they now use ComDB to read those encrypted docs.

Does that make sense?
