Crypto safe

The CloudWall user profile doc contains the user's crypto keys and, possibly, external DB passwords. The user profile doc (_id:"cw" in the cw bucket) is stored encrypted with the user's PIN code and is decrypted only after the user enters the PIN on page reload.

The only code that knows the user's PIN and holds the decrypted keys and passwords is a dedicated closure, which exports its public methods as the cw.crypto object.

No app running in the CW environment can access keys or passwords directly. Passwords are sealed; crypto keys are never exposed at all and can only be referred to by key_id.

cw.crypto methods

cw.crypto.dblist()

Returns an array of the bucket names listed in the user profile doc.

cw.crypto.keys()

Returns an array of keys. Each member looks like {id:"abcd1234", name:"Key name"}.

The id prop is the key_id used for encrypting and decrypting docs. Put it into the doc's .crypto prop to have the doc encrypted on save.

The name prop is a human-readable display name of the key, such as Our dept internal docs.

cw.crypto.enc( doc, async )

Encrypts doc with the key identified by the key_id in its doc.crypto property. If no key_id is present, the unmodified source doc is returned as the result.

The encoder keeps the properties _id, _rev, crypto, type, name, tags, stamp, creator, pic and _attachments intact. All other doc properties are collapsed into a single CRYPTO property, which is a base64 string. Because the intact properties stay in cleartext in the bucket, nothing sensitive should be put into name, tags or the other kept props.

If the async argument is true, returns a Promise that resolves with the encrypted doc. The async path is much faster for large, deeply nested documents.

cw.crypto.dec( doc, async )

Decrypts doc; doc.crypto must hold the key_id. If no key_id is given, or the key_id is not known, the source doc is returned unchanged.

If async is true, returns a Promise that resolves with the decrypted doc. The async path is much faster for large, deeply nested documents.

cw.crypto.has( key_id )

Returns true if the crypto context knows a key with the given key_id.

cw.crypto.me()

Returns the user info object.

Bucket methods with crypto

cw.db(db).save( doc )

If doc.crypto holds a key_id, and that key_id is present in the user profile, the method encrypts the doc before putting it into the bucket. Returns a Promise resolved with the unencrypted doc carrying the updated revision.

cw.db(db).load( arg )

Fetches a doc; if the doc is stored encrypted (has both .crypto and .CRYPTO props), it is decrypted and returned with its .crypto prop kept.

cw.db(db).settings()

Bucket settings are never returned with passwords visible.

When the settings method is called with a bucket object as its argument, sealed passwords are accepted and are replaced with the originals before the settings are encrypted and saved.