I am currently working on an application that allows users to keep confidential data. Since this is a web application, we use NodeJS and MongoDB to store it. (BTW, I'm completely new to Node and NoSQL.)
We have users who can keep a medical history. The name and email address are stored in the user document, while other data is stored in the profile. To improve security, I would like to encrypt links from the user to his profile and vice versa.
I am currently using the Crypto NodeJS library to encrypt (AES256) the user_id link in the user profile. As a result, the link is no longer an ObjectID type, but a string.
Therefore, looking through the database directly, it is impossible to verify which profile belongs to whom. The key used to encrypt and decrypt the user ID is stored somewhere in a NodeJS file on the NodeJS server.
Is this a normal / good way, or am I doing something completely wrong? Are there any better ways? I read that MongoDB does not support any "built-in encryption".
At least here is the code for en-/decryption:
    module.exports = function() {
        // Shared secret, hard-coded in this file
        this.encryptionSecret = "ANYSECRET";
        this.crypto = require('crypto');
        this.algorithm = 'aes256';

        // Encrypt a value (e.g. a user ID) and return it as a hex string
        this.encrypt = function (key) {
            var cipher = this.crypto.createCipher(this.algorithm, this.encryptionSecret);
            var encrypted = cipher.update("" + key, 'utf8', 'hex') + cipher.final('hex');
            return encrypted;
        };

        // Decrypt a hex string produced by encrypt() back to the original value
        this.decrypt = function (encryptedKey) {
            var decipher = this.crypto.createDecipher(this.algorithm, this.encryptionSecret);
            var decrypted = decipher.update(encryptedKey, 'hex', 'utf8') + decipher.final('utf8');
            return decrypted;
        };
    };
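An added example, not part of the original post: the same encrypt/decrypt helper written with `crypto.createCipheriv` and AES-256-GCM, so each stored link gets a random IV and an integrity tag, with the secret read from the environment instead of the source file. The `LINK_SECRET` variable, the salts, the function names and the HMAC lookup token are assumptions of this example; the token is included because randomized ciphertexts can no longer be matched by equality in a query.

```javascript
const crypto = require('crypto');

// Assumption: the secret is supplied by the environment or a secret store.
// The fallback is a constructed placeholder so the example runs offline.
const SECRET = process.env.LINK_SECRET || 'constructed-demo-secret';

// Two independent 32-byte keys derived from the secret (salts are constructed).
const ENC_KEY = crypto.scryptSync(SECRET, 'constructed-salt-enc', 32);
const IDX_KEY = crypto.scryptSync(SECRET, 'constructed-salt-idx', 32);

// Encrypt a user ID. Output layout (hex): 12-byte IV | 16-byte tag | ciphertext.
function encryptLink(userId) {
  const iv = crypto.randomBytes(12); // fresh nonce for every record
  const cipher = crypto.createCipheriv('aes-256-gcm', ENC_KEY, iv);
  const ct = Buffer.concat([cipher.update(String(userId), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('hex');
}

// Decrypt and verify. Throws if the value was truncated or modified.
function decryptLink(hex) {
  const buf = Buffer.from(hex, 'hex');
  if (buf.length < 28) throw new Error('ciphertext too short');
  const decipher = crypto.createDecipheriv(
    'aes-256-gcm', ENC_KEY, buf.subarray(0, 12), { authTagLength: 16 });
  decipher.setAuthTag(buf.subarray(12, 28));
  const pt = Buffer.concat([decipher.update(buf.subarray(28)), decipher.final()]);
  return pt.toString('utf8');
}

// Deterministic keyed token for "find the profile of this user" queries.
// Without IDX_KEY it cannot be recomputed from a user ID seen in the database.
function lookupToken(userId) {
  return crypto.createHmac('sha256', IDX_KEY).update(String(userId)).digest('hex');
}

// Constructed sample ID in ObjectId string form.
const SAMPLE_ID = '507f1f77bcf86cd799439011';
const sampleProfile = {
  userLink: encryptLink(SAMPLE_ID),   // stored in the profile, decryptable
  userToken: lookupToken(SAMPLE_ID),  // stored and indexed, used in queries
};
```

The profile document would store both fields: `userToken` for queries and `userLink` for recovering the ID after a match.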