encrypted-storage v1.0.1
The problem statement!
Most of the people save data into local storage, Is this a safe method to store ? No! Local storage writes the data as a plan string and any one who has the access to the device can read this data and manipulate.
Most of the people thinks that we can encrypt the data and save it on local storage, But in this case, you need to have a secure key to decrypt this data,
Let's consider this Scenario, You have encrypted the user login information and saved on local storage, When the platform reload, You are decrypting the data which is written on local storage and marking the user as logged or logged out, Here your website share a common secure key to encrypt and decrypt, which means only your website knows how to decrypt,
In this case, if someone copies the data from local storage and past on a different browser, then load your website, Your website will authenticate the user, Why ? because your website knows how the decrypt the data!
This is the problem when you have a single secure key! Then how do we solve this issue ?
Why Encrypted Storage ?
Encrypted storage is created to securely write the data to local storage ( Basically its a wrapper written on top of default localStorage to write the data securely to the localStorage ), here secure storage library generate a secure key for every browser and encrypt the data using this key, which means only the browser which encrypted the data can decrypt it,
Additionally encrypted storage preserve the data format for every data type, As out of the box it supports the following data types
String | Object | Number | Boolean
Which means you don't need to explicitly convert every data to string
How does it work ?
Encrypted storage is written in Singleton design pattern, and when the library initialized it reads all the data from local storage and decrypt all the data which is written using react-secure-storage and keeps on the memory, This ensure faster reading of all the data,
The key is generated using browser fingerprint, which is generated using 10+ browser key identifiers and user input secure key,
The user specific Secure key can be configured using .env file as
SECURE_LOCAL_STORAGE_HASH_KEY=xxxxxxxxxxxxxxxxor
REACT_APP_SECURE_LOCAL_STORAGE_HASH_KEY=xxxxxxxxxHow to use
To use the library first you need to install using
yarn add encrypted-storageor
npm install encrypted-storageYou can use the following methods to read and write items to secure local storage
| Function | Usecase | Datatype |
|---|---|---|
setItem(key, value) | To set values to secure storage | Supports 'String - Object - Number - Boolean' as value |
getItem(key) | To get values which is saved on secure local storage | Return null if the key does not exits |
removeItem(key) | To remove specified key from secure local storage | |
clear() | Removed all data from secure local storage |
Sample React Code
import { useEffect } from "react";
import encryptedStorage from "encrypted-storage";
const App = () => {
useEffect(() => {
encryptedStorage.setItem("object", {
message: "This is testing of local storage",
});
encryptedStorage.setItem("number", 12);
encryptedStorage.setItem("string", "12");
encryptedStorage.setItem("boolean", true);
let value = encryptedStorage.getItem("boolean");
}, []);
return (
<div>
This is a sample code
</div>
);
}
export default App;