{"id":19304218,"url":"https://github.com/m-esm/e2db","last_synced_at":"2025-04-22T11:32:28.322Z","repository":{"id":57218062,"uuid":"286570364","full_name":"m-esm/e2db","owner":"m-esm","description":"Step by step demo to showcase how you can have e2e encryption for your database and files.","archived":false,"fork":false,"pushed_at":"2023-11-17T13:55:49.000Z","size":403,"stargazers_count":7,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-01T22:47:21.747Z","etag":null,"topics":["aes","database","e2e-encryption","guide","nodejs","rsa"],"latest_commit_sha":null,"homepage":"https://runkit.io/m-esm/e2db/branches/master","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/m-esm.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-08-10T20:17:04.000Z","updated_at":"2023-11-17T13:55:54.000Z","dependencies_parsed_at":"2024-11-09T23:29:20.834Z","dependency_job_id":"9487113c-61aa-4cc0-a92f-20603fb6139d","html_url":"https://github.com/m-esm/e2db","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m-esm%2Fe2db","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m-esm%2Fe2db/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m-esm%2Fe2db/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m-esm%2Fe2db/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/ho
sts/GitHub/owners/m-esm","download_url":"https://codeload.github.com/m-esm/e2db/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250232298,"owners_count":21396612,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aes","database","e2e-encryption","guide","nodejs","rsa"],"created_at":"2024-11-09T23:29:10.097Z","updated_at":"2025-04-22T11:32:27.855Z","avatar_url":"https://github.com/m-esm.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# E2DB - e2e encryption for your database and files\n\n[![NPM](https://img.shields.io/npm/v/e2db.svg)](https://www.npmjs.com/package/e2db)\n[![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)](https://GitHub.com/m-esm/e2db/graphs/commit-activity)\n[![GitHub stars](https://img.shields.io/github/stars/m-esm/e2db.svg?style=social\u0026label=Star)](https://GitHub.com/m-esm/e2db/stargazers/)\n\n## Install\n\n```sh\nnpm install e2db\n```\n\n## Run tests\n\n```sh\nnpm run test\n```\n\n## Demo\n\nhttps://runkit.io/m-esm/e2db/branches/master\n\n## 🚀 Usage\n\n```js\nconst Cipher = require(\"e2db\").Cipher;\n\nasync function doExample() {\n  const userCloudPassword = \"user cloud password\";\n  const globalRsaPass = \"global rsa passphrase\";\n  // key.privateKey is encrypted with AES secret ( user cloud password )\n  // key.privateKey is also protected by rsa pass phrase ( global rsa pass for your app )\n  // key._id is auto generated bson object id\n  const key = await Cipher.keyMaker.createKey(userCloudPassword, 
globalRsaPass);\n\n  const model = {\n    message: \"hello world\",\n    secretMessage: \"privacy matters\",\n  };\n\n  // models could be encrypted by multiple keys\n  const encryptedModel = Cipher.encryptModel(model, [key], {\n    fields: [\"secretMessage\"],\n  });\n\n  console.log(JSON.stringify(encryptedModel, null, 2));\n\n  // note that 5f38843239e984113d8eb8fa is our key._id\n  // outputs:\n  //   {\n  //     \"message\": \"hello world\",\n  //     \"secretMessage\": \"P9acGm+rBD4TaUpNRZVx2/5UW8BY0d0frHHiF2l6flU=\",\n  //     \"_cipherKeys\": {\n  //       \"5f38843239e984113d8eb8fa\": \"RANDOM_AES_SECRET_ENCRYPTED_BY_RSA_KEY\"\n  //     },\n  //     \"_cipherFields\": [\n  //       \"secretMessage\"\n  //     ]\n  //   }\n\n  const decryptedModel = Cipher.decryptModel(\n    encryptedModel,\n    key,\n    userCloudPassword,\n    globalRsaPass\n  );\n\n  console.log(JSON.stringify(decryptedModel, null, 2));\n\n  // outputs:\n  // {\n  //   \"message\": \"hello world\",\n  //   \"secretMessage\": \"privacy matters\"\n  // }\n}\n\n// run the example and surface any error\ndoExample().catch(console.error);\n```\n\n## Why?\n\nFor the sake of security and privacy for users and their data. Services need access only to the part of a user's data that they have been granted access to; the remaining data should be decrypted only on user read demand. E2DB provides a set of tools that\nwill help you with this.\n\n## What?\n\n- Sensitive and private information in database records\n- Private stored files on buckets and storages\n\n## When?\n\nWhen a document is inserted, specific fields of it should be encrypted so that they can only be decrypted when reading with a key.\n\n## How?\n\nTo ensure data is end to end encrypted on your backend:\n\n- Encrypt the sensitive part of the document with AES.\n\n  - Keep the AES secret, encrypted by the RSA key, alongside the document.\n\n- The RSA public key is available in raw format to encrypt the random AES secret that is used to encrypt database records/documents.\n- RSA private keys need to be encrypted using AES and persisted. 
The\n  secret key for this AES cipher is our \"cloud password\".\n\n- When the cloud password changes, only RSA keys need to be encrypted again.\n\n- Cloud passwords should always be received from the client side and not persisted on the server side.\n\n  - To prevent leaking cloud passwords in clear text in logs and similar places, we need to encrypt them with an hourly rotated secret (cloud password salt) that is only available in memory with a specific expiry time.\n\n- A document's AES secret can be encrypted by multiple keys.\n\n## Road map\n\n- [x] Create RSA key pairs encrypted by AES secret\n- [x] Change the AES secret of an RSA key\n- [x] PassThrough stream with AES cipher\n- [x] Cipher usage example\n- [ ] Create cloud password salt\n- [ ] Mongoose example\n- [ ] NestJs example\n- [ ] ExpressJs example\n\n## Resources\n\n- https://nodejs.org/en/knowledge/cryptography/how-to-use-crypto-module/\n- https://gist.github.com/joepie91/7105003c3b26e65efcea63f3db82dfba\n\n## 🤝 Contributing\n\nContributions, issues and feature requests are welcome!\u003cbr /\u003eFeel free to check [issues page](https://github.com/m-esm/e2db/issues). You can also take a look at the [contributing guide](https://github.com/m-esm/e2db/blob/master/CONTRIBUTING.md).\n\n## Show your support\n\nGive a ⭐️ if this project helped you!\n\n## 📝 License\n\nCopyright © 2020 [Mohsen Esmaeili \u003cm-esm@hotmail.com\u003e](https://github.com/m-esm).\u003cbr /\u003e\nThis project is [MIT](https://github.com/m-esm/e2db/blob/master/LICENSE) licensed.\n\n### Author\n\n👤 **Mohsen Esmaeili \u003cm-esm@hotmail.com\u003e**\n\n- Twitter: [@mohsen_esm](https://twitter.com/mohsen_esm)\n- LinkedIn: [@m-esm](https://linkedin.com/in/m-esm)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fm-esm%2Fe2db","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fm-esm%2Fe2db","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fm-esm%2Fe2db/lists"}