Feature: Encryption option

Question

Feature: Encryption option

m-dary-nur opened this issue 4 years ago · comments

Hi, do you think add encryption like aes 256 into vasern option ?, Or hava any right way practice to adding encryption data locally ?

Thank you

Hieu Nguyen (Jack) · Answer 1 · Fri Nov 06 2020 00:35:32 GMT+0800 (China Standard Time)

Hey @m-dary-nur. What are you using encryption for?

I found a few libraries that could help with the encryption

m dary nur · Answer 2 · Fri Nov 06 2020 21:21:24 GMT+0800 (China Standard Time)

Yes @hieunc229 using aes 256, can you make a practice how to use encryption in vasern ?,
Im using encryption for health data

Thank you

Hieu Nguyen (Jack) · Answer 3 · Sat Nov 07 2020 09:12:45 GMT+0800 (China Standard Time)

Hey, @m-dary-nur!

Vasern doesn't support data encryption. There are a number of encryption libraries available you can choose

I have 2 questions to understand the senario, to see if I can help:

Which 1 of 2 senarios below are you in?
AES-256 encryption require a password to encrypt and decrypt. You will either:
a. Let users enter the password (only people with password can read the data)
b. Store the password in the device internal or a secure storage
Is the encrypted data being used in the server-side? Since, the data is encrypted and transfer to the server, in many cases, it'd be better to encrypt on the server

m dary nur · Answer 4 · Sat Nov 07 2020 12:30:07 GMT+0800 (China Standard Time)

Hi @hieunc229,
For point 1 , i prefer second one
For point 2, sure, its also encrypt on the server

Hieu Nguyen (Jack) · Answer 5 · Sat Nov 07 2020 15:13:56 GMT+0800 (China Standard Time)

Ok, I still have some more questions to clarify. In general, you can encrypt data like as the below example:

I'll be using crypto-js in this example. This should works on any javascript enviroment like React Native, nodejs, ...(might not work when transfering from app -> server or somewhere else)

import crypto from "crypto-js";

// encryption password, need to store somewhere safe
const secretKey = `randomkey`;
const message = `Hello World`;

// To encrypt
const encryptedText = crypto.AES.encrypt(message, secretKey).toString();
 
// To decrypt
const bytes  = crypto.AES.decrypt(encryptedText, secretKey);
const decryptedText = bytes.toString(crypto.enc.Utf8);

console.log(decryptedText) // => `Hello World`

The problem here is where to store the secretKey to avoid people checking out the password. Basically, data stored in vasern is private to the application (other apps can't read it). Though, there is a small but rare chance of someone will get the data file, and look for the password.

If you are still confuse, let's have a chat on our Slack channel here https://join.slack.com/t/vasern/shared_invite/zt-5uoc8hec-Y~b9PjQfN0n2PbCTJH7exA

m dary nur · Answer 6 · Sat Nov 07 2020 16:39:33 GMT+0800 (China Standard Time)

Thank you @hieunc229 , but what is it possible to use encryption like crypto within vasern configdb parameter like

new Vasern({schemas: [...], encryption: { secretKey: 'someKey', type: 'sha256' }});

Sure, actually i've joined vasern channel on slack

Hieu Nguyen (Jack) · Answer 7 · Mon Nov 09 2020 01:02:37 GMT+0800 (China Standard Time)

We had a chat on slack channel so I'll close this thread. Feel free to re-open or create a new thread

m dary nur · Answer 8 · Mon Nov 09 2020 13:07:13 GMT+0800 (China Standard Time)

Thanks @hieunc229 , sorry im forget to close it