Encrypting specific values and revisions

29 views
Skip to first unread message

Brendan Duddridge

unread,
Jul 23, 2015, 8:15:19 PM7/23/15
to Couchbase Mobile
Hi,

I have a function in my app where a customer can choose to encrypt a specific field. All the values for that field across all records will be encrypted.

What I want to know is, what happens to the old non-encrypted values? The way I understand CBL is that it will create a revision with the new updated data (in this case, the newly encrypted values) and keep the old revision around. But then that means there's both an encrypted and unencrypted version of the same values hanging around in the same database file. 

What's the proper way to handle this situation?

The newly encrypted values of course may need to be synced to their other devices so there could still be unencrypted versions of the values on their other devices. But that's to be expected. At least on the source device where the values were originally encrypted, it should not be possible to access the previously unencrypted values. 

Would compacting the database after the values are encrypted remove the old revisions with the unencrypted data?

Thanks,

Brendan

Jens Alfke

unread,
Jul 23, 2015, 9:29:24 PM7/23/15
to mobile-c...@googlegroups.com

On Jul 23, 2015, at 5:15 PM, Brendan Duddridge <bren...@gmail.com> wrote:

Would compacting the database after the values are encrypted remove the old revisions with the unencrypted data?

Yes, compacting the database removes all obsolete revisions.

—Jens

PS: Off-topic, but: make sure you’re following best practices to encrypt the data. Many symmetric ciphers have the dangerous property that, if you ever encrypt multiple messages with the same key, it becomes easy to extract the key from the ciphertexts. (I was just reading some crypto docs over the weekend so this is fresh in my mind.)

Brendan Duddridge

unread,
Jul 24, 2015, 12:34:36 AM7/24/15
to Couchbase Mobile, je...@couchbase.com
Thanks Jens.

Does compacting interfere with the sync process in any way? I think the older revisions are used to determine what has changed during replication. I may be wrong in my understanding.

Thanks for the encryption tip.

Thanks,

Brendan

Jens Alfke

unread,
Jul 24, 2015, 2:19:50 AM7/24/15
to Brendan Duddridge, Couchbase Mobile

On Jul 23, 2015, at 9:34 PM, Brendan Duddridge <bren...@gmail.com> wrote:

Does compacting interfere with the sync process in any way? I think the older revisions are used to determine what has changed during replication.

Compaction deletes the contents of the old revisions but leaves behind the revision history (tree), which is what the replicator uses.

—Jens

Brendan Duddridge

unread,
Jul 24, 2015, 11:52:04 AM7/24/15
to Couchbase Mobile, je...@couchbase.com
Ok great.

Thank Jen!

Brendan
Reply all
Reply to author
Forward
0 new messages