Crypto safe

CloudWall user profile doc contains user crypto keys and, probably, external DB passwords. User profile doc, _id:"cw" in the cw bucket, is stored encrypted with PIN code, and gets decrypted after user provides his PIN on page reload.

The only place, knowing user’s PIN and keeping keys and passwords decrypted, is dedicated closure, which export public methods to cw.crypto object. 

No app running in CW environment can access keys and passwords directly. Passwords are sealed; crypto-keys are just never accessible directly, only by key_id. 

cw.crypto methods

cw.crypto.dblist()

Returns an array of bucket names, listed in user profiles doc.

cw.crypto.keys()

Returns array of key description objects. Each array member is like {id:"abcd1234", name:"Key name"}. The id prop is key_id for encrypting/decrypting docs; name is readable display name, like Our dept internal docs.

cw.crypto.enc( doc, async )

Encrypts doc with key_id in doc.crypto property. If no key_id exists, source doc returned as a result.

Encoder keeps properties _id, _rev, crypto, type, name, tags, stamp, creator, pic, _attachments intact. All other doc properties are collapsed into single CRYPTO property, which is base64 string.

If async argument is true, returns Promise, resolved with encrypted doc. Async way is much faster for large branchy documents.

cw.crypto.dec( doc, async )

Decrypts doc, doc.crypto must be key_id. If no key_id provided, or key_id is not known, source doc returned as a result.

If async is true, returns Promise, resolved with decrypted doc. Async is much faster for large branchy documents.

cw.crypto.has( key_id )

Return true if crypto context knows key with key_id.

cw.crypto.me()

Return user info object.

Bucket methods with crypto

cw.db(db).save( doc )

If doc has doc.crypto key_id, and that key_id is present in user profile, method encrypts doc before putting it into bucket. Returns Promise resolved with unencrypted doc with updated revision.

cw.db(db).load( arg )

Fetches a doc; if doc is stored encrypted (has both .crypto and .CRYPTO props), it is decrypted and returned with .crypto prop kept.

cw.db(db).settings()

Bucket settings are never returned with passwords. 

When settings is called with argument, which is bucket object, sealed passwords are accepted back and replaced with valid ones on save.