I'm using AES 128 encryption. The key is generated on my Node.js server when the user registers to use the app. When I save the document I encrypt the entire document except for the _id, _rev and type properties. All encrypted data is in a 'data' property. That way I can query them and decrypt (or not if the 'data' property is absent). Not all document types are encrypted. Just the secret stuff. Patient, Claim, Session documents. The encryption key goes in their keychain and I STRONGLY encourage users to backup their keychain to iCloud. (It's in the license agreement and outlines the very bad things that will happen if they lose their encryption key). I struggled with this as a business decision and finally decided I could not safely/economically keep track of the encryption keys. User beware.
Realting to the earlier problem of managing the _rev properties ... I have given up on the previous approach of downloading data via Node and updating the documents with my downloader. I am about half way through on a branch that uses CBL replication directly from the CouchDB server. Problem solved if it works well and it looks like it will. Gets rid of a lot of networking and offline management code. On Tuesday, February 11, 2014 9:47:04 PM UTC-8, Jens Alfke wrote: > > > On Feb 11, 2014, at 9:32 PM, Alan McKean <[email protected] <javascript:>> > wrote: > > I am encrypting with the iOS encryption. > > > What algorithm? And where does the key come from? (I'm just curious.) > > How did the encrypted documents get into CouchDB — were they replicated > from another database? > > My documents have a single ‘data’ property that is an encrypted string. > Without a hook for decrypting, I will have to either decrypt during views > or run through the entire db looking for unencrypted data at launch. > > > The issue I linked to earlier describes some of the things I'm unsure > about with this approach, like what the revision ID should be. If you'd > like to work on adding such a hook, I can give you some advice on where to > start. > > —Jens > -- You received this message because you are subscribed to the Google Groups "Couchbase Mobile" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/mobile-couchbase/cacbfc47-a754-4c62-9ff8-8fb8102e3403%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
