4

Data stored in localStorage or in a WebSQL database is not protected. We can directly see all the data in WebSQL and localStorage because it is stored as plain text.

Is there any way to protect the data?

Bhavesh Jariwala

1 Answer

3

Yes, you can encrypt/decrypt your data using something like AES or another algorithm. Maybe you can try the implementation at https://github.com/digitalbazaar/forge#md5

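var forge = require('node-forge'); // in a browser, load the Forge script instead

// generate a random key and IV
// Note: a key size of 16 bytes will use AES-128, 24 => AES-192, 32 => AES-256
var key = forge.random.getBytesSync(16);
var iv = forge.random.getBytesSync(16);

// sample plaintext to encrypt
var someBytes = 'some data to protect';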

/* alternatively, generate a password-based 16-byte key
var salt = forge.random.getBytesSync(128);
var key = forge.pkcs5.pbkdf2('password', salt, numIterations, 16);
*/

// encrypt some bytes using CBC mode
// (other modes include: CFB, OFB, CTR, and GCM)
var cipher = forge.cipher.createCipher('AES-CBC', key);
cipher.start({iv: iv});
cipher.update(forge.util.createBuffer(someBytes));
cipher.finish();
var encrypted = cipher.output;
// outputs encrypted hex
console.log(encrypted.toHex());

// decrypt some bytes using CBC mode
// (other modes include: CFB, OFB, CTR, and GCM)
var decipher = forge.cipher.createDecipher('AES-CBC', key);
decipher.start({iv: iv});
decipher.update(encrypted);
var result = decipher.finish(); // false if decryption failed (e.g. bad padding from a wrong key)
// outputs decrypted hex
console.log(decipher.output.toHex());
Carlos Rojas
  • I have a tutorial on Forge and encryption as well. https://blog.nraboy.com/2014/10/implement-aes-strength-encryption-javascript/ – Nic Raboy Jun 21 '15 at 05:10
  • @Nic Raboy- We need to store the key that we use for encryption somewhere. If someone gets the key and the code of the mobile app, then it will be easy to decrypt the data, because we have the encryption and decryption code in our mobile app. Right? – Bhavesh Jariwala Jun 22 '15 at 05:26
  • Correct, which is why you'd have to have the user enter a key every time they want to use the application. This way decryption happens only if the key is correct? – Nic Raboy Jun 22 '15 at 07:02
  • @Nic Raboy- Accepting the key from the user is a good idea, but I also have one question. When the user first uses the mobile app, he enters a PIN like 1234, so we store data based on the 1234 key for the future. The 2nd time he uses the app he enters PIN 7485, so we decrypt past data using 7485, and it will not give correct data. So ultimately I need to store the PIN as well to check whether the user has entered the correct PIN or not. So we are again at the same problem. – Bhavesh Jariwala Jun 22 '15 at 08:49
  • Store the password hash as SHA and do a comparison before trying to decrypt – Nic Raboy Jun 22 '15 at 12:02
  • Thanks Nic for helping me – Bhavesh Jariwala Jun 23 '15 at 03:54
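
An added example, not part of the original thread or of the Forge project: it derives the AES key from the user's PIN with PBKDF2 (the alternative commented out in the answer) and uses GCM mode, so a wrong PIN is detected by the failed authentication tag and neither the key, the PIN nor a PIN hash is stored. It uses Node's built-in crypto module instead of Forge so that it runs without dependencies; the function names, the record layout and the iteration count are assumptions.

```javascript
const nodeCrypto = require('node:crypto');

// Assumption: tune the iteration count to what the target device tolerates.
const PBKDF2_ITERATIONS = 200000;
const KEY_LEN = 32; // 32 bytes => AES-256

// Stretch the PIN/passphrase into a key; the salt is random per record.
function deriveKey(pin, salt) {
  return nodeCrypto.pbkdf2Sync(pin, salt, PBKDF2_ITERATIONS, KEY_LEN, 'sha256');
}

// Returns a JSON string suitable for localStorage/WebSQL.
// It holds only salt, IV, ciphertext and auth tag (hypothetical layout).
function sealRecord(pin, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit IV for every record
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(pin, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return JSON.stringify({
    v: 1,
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  });
}

// Returns the plaintext, or null when the PIN is wrong or the stored
// record is malformed or was modified.
function openRecord(pin, stored) {
  try {
    const rec = JSON.parse(stored);
    const b = (s) => Buffer.from(s, 'base64');
    const key = deriveKey(pin, b(rec.salt));
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, b(rec.iv));
    decipher.setAuthTag(b(rec.tag));
    const pt = Buffer.concat([decipher.update(b(rec.ct)), decipher.final()]);
    return pt.toString('utf8');
  } catch (err) {
    return null; // GCM tag check failed, or the record could not be parsed
  }
}
```

A 4-digit PIN such as the one in the comments has only 10,000 possible values, so PBKDF2 slows offline guessing against a copied record but does not prevent it; the derived key is only as strong as the secret the user types.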