https://github.com/chrisekelley/tangelo

Backbone Comments Example with Encryption
https://github.com/chrisekelley/tangelo

Last synced: 3 months ago
JSON representation

Backbone Comments Example with Encryption

• Host: GitHub
• URL: https://github.com/chrisekelley/tangelo
• Owner: chrisekelley
• Created: 2013-09-29T17:36:15.000Z (over 11 years ago)
• Default Branch: master
• Last Pushed: 2013-10-01T08:09:31.000Z (over 11 years ago)
• Last Synced: 2025-01-20T06:24:42.670Z (5 months ago)
• Language: JavaScript
• Size: 160 KB
• Stars: 0
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# Backbone Comments Example with Encryption

This demo uses the Backbone Comments example as a basis for testing the [Stanford Javascript Crypto Library](http://crypto.stanford.edu/sjcl/)

It uses a modified version of backbone-couchdb.js to make the encryption as seamless as possible.

Set the encryption password, salt, and initialization vector(iv) in app.js:

    Backbone.couch_connector.config.encryption_password = "iWouldGoOutTonight";

    Backbone.couch_connector.config.iv = "7015C150 175DC714 8870D563 E9099C4C";

    Backbone.couch_connector.config.salt =  "EF6BC741 95BE4F70";

Note that if you change the password, you'll need to generate new salt and iv. The [SJLC demo](http://bitwiseshiftleft.github.io/sjcl/demo/) is a handy tool for this.

You may also change more encryption settings in backbone-couchdb.js. Setting the key *might* speed things up a tad.

The key is computed from the password, salt and strengthening factor. It will be used internally by the cipher.

    Backbone.couch_connector.config.key =  null;

    Backbone.couch_connector.config.encryptedJsonDefaults = { v:1, iter:1000, ks:256, ts:64, mode:"ccm", adata:"", cipher:"aes"}

The encryptDocument/decryptDocument functions for this demo are in coconut-utils-extra.js. Those two functions encrypt/decrypt all of the values

in the document except for_id, _rev, and collection properties.

View the demo at http://localhost:5984/tangelo/_design/backbone_couchapp_comments/index.html

# Details

The SJCL library encrypt function returns an object that includes the salt, initialization vector(iv), key in addition to other static properties:

        {"iv":"wevkdWea1szC9M8bq4TMUw==",

        "v":1,

        "iter":1000,

        "ks":256,

        "ts":64,

        "mode":"ccm",

        "adata":"",

        "cipher":"aes",

        "salt":"xYngJZoe7sw=",

        "ct":"KmUYro/nkG/5LthU"}

The demo currently stores only the ciphertext (ct), which is the encrypted value, in order to reduce the amount of redundant data stored in the database.

This measure does result in a compromise in the security of the data stored; it is preferable to have randomly-generated i.v. and salt.

Here is a useful StackOverflow article about [init. vector and salt](http://stackoverflow.com/questions/3849684/is-it-insecure-to-pass-initialization-vector-and-salt-along-with-ciphertext).