How to encrypt data in your app in just 50 lines of code
Endless reports on data leaks reaffirm how important it is for developers to secure data and guarantee users privacy. Gemalto estimates, that since 2013 over 9 billion records have been lost, stolen or compromised. A trend which is, even more worryingly, increasing extremely rapidly with a 164% year-to-year increase.
End-to-End Encryption (E2EE) ensures that only intended users can access private data: All the exchanged information is encrypted and decrypted directly on users devices and never leaves them in plain. Thus, the E2EE data stored on servers (cloud servers, in particular) is not accessible to unauthorized third parties: hackers, server admins, governments and institutions, service providers, etc. E2EE reduces the risk of attacks: Why would anyone steal data that is encrypted and, therefore, cannot be read?
E2EE is still not universally used, since implementing E2EE is hard. It is notoriously difficult to carry out all the necessary cryptographic schemes without introducing flaws that reduce the security of the application to nothing. A recent study by Veracode showed that more than a half of applications are affected by cryptographic issues. The complexity of E2EE implementation also rises abruptly with the number of features: Users don’t only want to store static information, but they also desire to share it with other users (e.g. Snapchat messaging) or groups of users (e.g. Slack); and developers need to compute statistics directly on the encrypted data.
DataPeps is a cloud-based solution that encourages the use of E2EE by simplifying its integration into your applications. By using the open source DataPeps SDK, you can easily encrypt users private data from end to end, as well as share and audit it — in short, treat the sensitive information with care and respect.
This technical tutorial will show you how to use DataPeps to add E2EE to a simple note keeper application MyPrivateNote.
Tour of MyPrivateNote
Our sample app MyPrivateNote allows to create and delete notes. In addition, users can download notes and import them back.
For simplicity, MyPrivateNote has no server part and the notes are stored in plain in the browser using IndexedDB. Users log in to get access to their own notes, and multiple users can work on the same machine using different logins.
MyPrivateNote is built in JavaScript using React, Bulma and Font Awesome for CSS. You can find the complete code of MyPrivateNote here.
MyPrivateNote suffers, however, from a major problem: Created notes are stored in plain and are not secured at all.
Obviously, we lack an authentication mechanism: An attacker can log in as another user and access the user’s personal notes. Indeed, we can easily add a password authentication; however, the lack of privacy would still exist. As MyPrivateNote uses IndexedDB, a malicious user can read the confidential notes by inspecting them directly in the browser. Moreover, the data is stored in plain, so even if we used a server-side database, an admin could read the users notes or a hacker could steal and leak them.
The good news is, we can mitigate this problem by using DataPeps to add E2EE into the app. The app will store only encrypted notes and will decrypt them on demand of the notes owner.
In what follows we will see how to integrate E2EE functionality into log-in and notes components of MyPrivateNote.
Preparing MyPrivateNote for E2EE integration
To add E2EE to MyPrivateNote using DataPeps, the application developer creates a DataPeps application.
DataPeps generates a secret token for each registered application. An application uses the secret token to authenticate itself against DataPeps.
MyPrivateNote log-in
When E2E is not integrated into MyPrivateNote, logging in only initializes the user’s notes store in IndexedDB.
To enable E2EE functions via DataPeps a user links his registered DataPeps account to MyPrivateNote by logging into DataPeps and authorizing the application.
When the user hits the Login button, the application requests Delegated access to the DataPeps account of the user. It allows the app to use E2EE functions on behalf of the user; see docs for details.
After the user accepts the request, the application establishes a session with DataPeps.
We add session establishment like this:
After the user grants access, DataPeps creates a new delegate for the application. A delegate is an isolated application account managed by the user that allows the client application to use the E2EE functions. The user can access all the E2EE data that the application creates and applications can access only their own data.
The sign() callback function, that MyPrivateNote passes to requestDelegatedAccess(), signs the request using the app’s secret token and, thus, authenticates the application. In the real world, sign()should delegate signature generation to the app’s server:
As MyPrivateNote is only client-side, sign() (and the secret token) is exposed to client.
Notes handling in MyPrivateNote
Without E2EE support, MyPrivateNote stores the notes in plain in IndexedDB.
To secure the notes we will ensure that:
- only encrypted notes are stored in IndexedDB; the applications decrypts them after fetching from the store
- the user downloads and imports encrypted notes
We will also use DataPeps to add a new feature: Sharing encrypted notes with other users.
Saving notes
Without E2EE integration MyPrivateNote saves a user’s note in the store in plain.
Encrypting a note before saving takes only two steps:
- create a new DataPeps resource
- encrypt the note using the resource
The array passed to the Resource.create() method are DataPeps users (more specifically, DataPeps identities) that can use the resource to encrypt and decrypt data. These users are the resource sharing group.
Resource description is visible to the resource sharers in their DataPeps dashboards and gives a hint about what piece of data was encrypted with the resource. For MyPrivateNote the description contains the ID of an encrypted note.
Notes content does not leak anymore.
When the user expands the note, the application decrypts the note’s content and shows it.
Decrypting a note is similar to encrypting it:
- fetch the note’s resource from DataPeps, using
dataPepsId, i.e. the resource ID - decrypt the note using the resource
Downloading notes
Users download notes in plaintext like this:
We just slightly change onDownloadNote() to download encrypted notes:
Importing notes
Users import back the notes downloaded in plaintext like this:
Importing an encrypted note is the same as putting an encrypted note to the store:
saveEncrypted() just adds the encrypted note into the store without decrypting it.
Sharing encrypted notes
With E2EE integrated, MyPrivateNote allows to download only encrypted notes, so users cannot exchange them directly. DataPeps makes it easy to add support for notes sharing between users
To share a note with a user the note creator adds him to the sharing group of the note’s DataPeps resource. A user in the sharing group can use the note’s resource to decrypt the note.
In practice, Alice clicks the Share icon, enters MyPrivateNote delegate ID of Bob and clicks Share the note button. After that Alice downloads the encrypted note and sends it to Bob. Bob simply imports the note to read it.
Conclusion
E2EE is an effective method for securing sensitive data during client-server interactions. The MyPrivateNote use case is a straightforward example of how E2EE guarantees information privacy.
DataPeps considerably simplifies the integration of E2EE into your applications: In many cases, E2EE integration requires just a few lines of code.
DataPeps also prevents you from introducing bugs into your E2EE implementation: All functions are ready-to-use, fail-safe and well documented.
With DataPeps, E2EE integration into your app has never been easier. To try it now, create a DataPeps account, get the SDK and start hacking!