Hi Backendless support i need help with a encryption idea that i got:
When the app sends the data to the database it is not encrypted but it is in plain text so i got the idea if it was possible to make the app encrypt it with my PGP public key then if possible AES-256 before it is sent in the database so it is saved on the database encrypted an so only I can access the data.
I am doing this because i run my investigation agency so i need max security for the sensitive data i hold which colud be dangerous in the hands of other people
I uploaded down here the screenshot of the current logic
Hi.
It is not totally clear where you perform encryption itself (or plan to perform). Could you point to that part, please?
Or are you just interested in if we have such an option in the sdk?
Hi @Meme_Bomber
To be honest I haven’t heard about such additional encryption with a public key.
Isn’t it enough to send API requests over HTTPS?
Anyway, if you find out how to implement that with Javascript and WEB technologies we will be glad to assist you
Regards,
Vlad
Hi @vladimir-upirov https is not enogh due to the sensitivity of the data that is shared trough the form
I was hoping you could help me to find a way to do that
Hi @oleg-vyalyh the encryption i was planning to do it before transfer of the data itself to the database so it is stored encrypted in a way only i can decrypt that so it is safe as i sayd due to the sensitivity of the data itself
So you you have to research if there is any library written in js (because you wan to use it inside browser), which can encrypt and decrypt data with PKCS.
Hi can you teach how to do that?
Hi @Meme_Bomber,
To achieve this in a JavaScript environment, you would generally follow these steps:
- PGP Encryption:
- You can use a library like OpenPGP.js to encrypt your data with your PGP public key. This ensures that only you can decrypt it with your private key.
- AES-256 Encryption:
- If you want to add an additional layer of encryption, you can first encrypt the data with AES-256 and then encrypt the AES key with your PGP public key. Libraries like CryptoJS can help with AES encryption in JavaScript.
Here’s a very basic example of how you might approach this:
import * as openpgp from 'openpgp'
import CryptoJS from 'crypto-js'
// Example of AES encryption
const aesEncrypt = (data, secretKey) => {
return CryptoJS.AES.encrypt(data, secretKey).toString()
}
// Example of PGP encryption
const pgpEncrypt = async (data, publicKey) => {
const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ text: data }),
encryptionKeys: publicKey,
})
return encrypted
}
// Encrypt your data first with AES
const aesEncryptedData = aesEncrypt('Your sensitive data', 'YourAESSecretKey')
// Then encrypt the AES key with PGP
const pgpEncryptedAESKey = await pgpEncrypt('YourAESSecretKey', 'YourPGPPublicKey')
Note: To implement this with Codeless logic, you would need to use a Custom Code block to handle the encryption.
Hope this is helpful and gives you some direction.
Regards,
Stanislaw
