Feat: Allow custom cipher and decipher functions #23
Conversation
Pull Request Test Coverage Report for Build 2415774562Warning: This coverage report may be inaccurate.This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.
Details
💛 - Coveralls |
|
I like the ability to provide a custom ciphersuite, mostly to ensure compatibility with existing encrypted data with a different cipher or serialisation format. Though I wouldn't recommend using this feature to implement stable encryption, which is insecure (usually because of nonce or IV reuse). What ciphersuite were you thinking about? The way I circumvented this in my apps that use this middleware is to use a separate field for search that contains a stable hash (one-way function) of the clear text data, and abstracted that in a middleware (if you search via an encrypted field, hash the search and look for a match on the hash field instead). |
|
I'm not thinking of any specific cipher suite, this feature is more to give the developer freedom of choice about what he wants to use. I aware that stable hashes are not the safest ways to encrypt, but the example i mentioned is just a use case, since with this feat any ciphersuite can be used. |
src/encryption.ts
Outdated
| const cipherText = encryptStringSync(clearText, keys.encryptionKey) | ||
| const cipherText = | ||
| encryptFn !== undefined | ||
| ? encryptFn(clearText) |
There was a problem hiding this comment.
Here we would need a way to pass the encryption key, or are you assuming that providing a custom cipher opts the user out of key management?
There was a problem hiding this comment.
We don't need this, since the idea is to provide the user total control about encrypt/decrypt methods, only the function are needed for this.
The key management would be part of the provided cipher logic.
There was a problem hiding this comment.
Sounds good. Can you add some documentation about the feature in the README please? Emphasizing that key management is left to the user's appreciation would be good, since the options to pass keys in code are still available (or we could disallow them if a custom cipher is used, via a TS discriminating union, up to you).
There was a problem hiding this comment.
I liked your suggestion, to remove the option to provide keys when custom functions are passed. I will implement this along with the documentation.
|
After some consideration, I don't think advertising this solution as a way to solve the I have published an alternative solution to do filtering in That being said, I like the idea of swapping out the internal ciphersuite, so I could merge this PR but without the advocacy for weak cryptography in the documentation. |
It is currently not possible to pass custom encryption and decryption methods as params, and this creates a problem: It is not possible to filter db data by encrypted fields, as the current encryption library always generates a different hash for the same text.
This PR aims to allow custom encryption/decryption function to be passed as params, so if the developer wants to filter data by ciphertext, he can use any lib that generates static hash's, for example.