Returning nil from propertiesTransformationBlock

[Brendan Duddridge]

Hi,

Will returning nil from propertiesTransformationBlock on a pull replication leave the local document untouched or will it clear it out? I'd rather it leave it untouched.

I'm implementing encryption and decryption during replication and if something were to go wrong with the decryption, I wanted it to not affect the local document stored in the database, but throw up an error message to the user to let them know there was an error decrypting. This could happen if the user were to change the encryption key on the device pushing, but not on the device receiving, or vice versa. Or even if there was just some other error decrypting the encrypted property in the incoming document.

Thanks,

Brendan

[Brendan Duddridge]

Further to my question about leaving the local document untouched by returning nil question, is it ok to include the initialization vector and the password salt in the document sent to the server? I ask this because it's needed on the decryption side to know this information. My current algorithm generates a random IV and salt and stores it in the document being uploaded to the server. Then on the pull side, that information is used to decrypt the data.

I read somewhere that it's ok if the IV and salt are public, but just that they should be generated randomly for every encryption. That's what I'm doing.

Here's what the document on the server would look like after encryption:

{

  "_id": "rec-6724f5bc5b2e4d71b64d1bf6ba6df494",

  "_rev": "1-d0654ad93327d750595d6ae557a8a004",

  "form": "frm-9c9194ce8880402b9240b582bc415b63",

  "vector": "dOOoMlpRQvkkRYlgeQHtFw==",

  "salt": "5cPDGl0u9GM=",

  "values_encrypted": "X0mAXYOOEXWV....snip....OqSUwo=",

  "dateCreated": "2016-07-19T22:57:01.604Z",

  "type": "frm-9c9194ce8880402b9240b582bc415b63",

  "dbID": "db-12f835b677e542fba382cff41c5d8da1",

  "dateModified": "2016-07-19T22:57:01.604Z"

}

Does this seem like a reasonably secure approach? I know this isn't a specifically CBL related "sub question", but I thought someone here smarter than I would have a good opinion about it.

Thanks,

Brendan

[Jens Alfke]

On Aug 23, 2016, at 9:20 AM, Brendan Duddridge <bren...@gmail.com> wrote:

Will returning nil from propertiesTransformationBlock on a pull replication leave the local document untouched or will it clear it out? I'd rather it leave it untouched.

It leaves it untouched. Returning nil means you reject the revision, similar to returning NO from a validation block.

is it ok to include the initialization vector and the password salt in the document sent to the server?

Salt is part of key derivation and isn’t generally used in the actual encryption/decryption. In other words, you choose a constant salt value for your application and use that as part of converting a password to a raw key. Since the salt is fixed you don’t transmit it.

It’s safe to send the IV.

—Jens

[Jens Alfke]

On Aug 23, 2016, at 9:20 AM, Brendan Duddridge <bren...@gmail.com> wrote:

Will returning nil from propertiesTransformationBlock on a pull replication leave the local document untouched or will it clear it out? I'd rather it leave it untouched.

[Brendan Duddridge]

Hi Jens,

Does that imply that sending the salt is a bad idea? It would be just easier to let it be transmitted back to the server so I could read it on the other side. Otherwise I have to guarantee that the salt value is identical on all devices as well as the password.

Thanks,

Brendan