mirror of
https://github.com/orbitdb/orbitdb.git
synced 2025-09-13 03:20:09 +00:00
95 lines
3.1 KiB
Markdown
95 lines
3.1 KiB
Markdown
# Encryption
|
|
|
|
OrbitDB features a modular architecture for database encryption. By passing a module to an OrbitDB database, different encryption methods can be employed.
|
|
|
|
OrbitDB project currently maintains a [SimpleEncryption](https://github.com/orbitdb/simple-encryption) module that can be used to get started with encrypted databases.
|
|
|
|
**WARNING:** SimpleEncryption is an unaudited encryption module. Use at your own risk.
|
|
|
|
## How it works
|
|
|
|
OrbitDB encrypts databases in two layers: encrypting the payload and encrypting the log entry.
|
|
|
|
Log entry encryption encrypts each log entry fully. Payload encryption encrypts just the value.
|
|
|
|
This makes it possible to separate users of a database and replicators of a database, ie. an orbitdb peer can replicate a database without being able to decrypt the payloads (=data) of the database.
|
|
|
|
## Configuring encryption
|
|
|
|
You can configure OrbitDB to encrypt either the payload data being stored or the entire database.
|
|
|
|
To ***encrypt payload data only***, specify an encryption module and pass it to OtbiDB via the encryption object using the `data` property:
|
|
|
|
```
|
|
const data = await EncryptionModule()
|
|
const encryption = { data }
|
|
const db = await orbitdb.open(dbNameOrAddress, { encryption })
|
|
```
|
|
|
|
To ***encrypt the database log entries***, specify an encryption module and pass it to OrbitDB via the encryption object using the `replication` property:
|
|
|
|
```
|
|
const replication = await EncryptionModule()
|
|
const encryption = { replication }
|
|
const db = await orbitdb.open(dbNameOrAddress, { encryption })
|
|
```
|
|
|
|
To ***encrypt the whole database***, payload data and oplog entries separately, specify an encryption module and pass it to OrbitDB via the encryption object using both the `replication` and `data` properties:
|
|
|
|
```
|
|
const replication = await EncryptionModule()
|
|
const data = await EncryptionModule()
|
|
const encryption = { replication, data }
|
|
const db = await orbitdb.open(dbNameOrAddress, { encryption })
|
|
```
|
|
|
|
## Encrypting Databases
|
|
|
|
OrbitDB provides simple password-based encryption via an external module called [SimpleEncryption](https://github.com/orbitdb/simple-encryption).
|
|
|
|
**WARNING:** This is an unaudited encryption module. Use at your own risk.
|
|
|
|
To install SimpleEncryption:
|
|
|
|
```
|
|
npm i @orbitdb/simple-encryption
|
|
```
|
|
|
|
To use encryption, initiate SimpleEncryption with a password and pass it to OrbitDB when opening your database:
|
|
|
|
```js
|
|
import { SimpleEncryption } from '@orbitdb/simple-encryption'
|
|
|
|
const replication = await SimpleEncryption({ password: 'hello' })
|
|
const data = await SimpleEncryption({ password: 'world' })
|
|
|
|
const encryption = { data, replication }
|
|
|
|
const db = await orbitdb.open(dbNameOrAddress, { encryption })
|
|
```
|
|
|
|
If you wish to use another encryption type, simply replace SimpleEncryption with the module of your choice.
|
|
|
|
## Custom Encryption
|
|
|
|
To implement a custom encryption module for OrbitDB, expose encrypt and decrypt functions:
|
|
|
|
```
|
|
const CustomEncryption = async () => {
|
|
const encrypt = (value) => {
|
|
// return encrypted value
|
|
}
|
|
|
|
const decrypt = (value) => {
|
|
// return decrypted value
|
|
}
|
|
|
|
return {
|
|
encrypt,
|
|
decrypt
|
|
}
|
|
}
|
|
|
|
export default CustomEncryption
|
|
```
|