Need help with crypto-pouch?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

207 Stars 43 Forks MIT License 54 Commits 39 Opened issues


plugin for encrypted pouchdb/couchdb databases

Services available


Need anything else?

Contributors list

crypto pouch Build Status

Plugin to encrypt a PouchDB/CouchDB database.

var db = new PouchDB('my_db');

db.crypto(password); // all done, docs should be transparently encrypted/decrypted

db.removeCrypto(); // will no longer encrypt decrypt your data

It encrypts with the AES-GCM using native crypto which prefers the native version in node or the web crypto version in the browser, falling back to the version from crypto browserify if no native version exists. Chacha20-Poly1305 is also available and previous versions defaulted to this algorithm. You might consider using this if your app will primarily be used in browsers that don't support the web crypto api (e.g. safari).

Note: Attachments cannot be encrypted at this point. Use

{ignore: '_attachments'}
to leave attachments unencrypted. Also note that
are not supported. Use
db.get({binary: true, attachment: true})
instead. (#18).

This only encrypts the contents of documents, NOT THE ID (or rev). So if you have a document with the id

, while this plugin will happily encrypt that document, that may not be as helpful as you'd want it to be.


This plugin is hosted on npm. To use in Node.js:

npm install crypto-pouch

If you want to use it in the browser, download the browserified version from and then include it after



db.crypto(password [, options])

Set up encryption on the database.

If the second argument is an object:

  • options.ignore

    String or Array of Strings of properties that will not be encrypted.
  • options.digest

    Any of
  • options.algorithm
    Valid options are
  • iterations
    How many iterations of pbkdf2 to perform, defaults to 100000 (1000 in older versions).
  • key
    If passed a 32 byte buffer then this will be used as the key instead of it being generated from the password. Warning this buffer will be randomized when encryption is removed so pass in a copy of the buffer if that will be a problem.
  • password
    You can pass the options object as the first param if you really want and pass in the password in as an option.
  • cb
    A function you can pass in to get the derived key back called with 2 parameters, an error if there is one and the key if no error. Warning this buffer will be randomized when encryption is removed copy it or convert it to a string if that will be a problem.


Disables encryption on the database and randomizes the key buffer.


If you replicate to another database, it will decrypt before sending it to the external one. So make sure that one also has a password set as well if you want it encrypted too.

If you change the name of a document, it will throw an error when you try to decrypt it. If you manually move a document from one database to another, it will not decrypt correctly. If you need to decrypt it a file manually you will find a local doc named

in the database. This doc has fields named
which is a hex-encoded buffer,
which is a string,
which is an integer to use and
which is the encryption algorithm. Run pbkdf2 your password with the salt, digest and iterations values from that document as the parameters generate a 32 byte (256 bit) key; that is the key for decoding documents. If digest, iterations, or algo are not on the local document due to it being created with an older version of the library, use 'sha256', 1000, and 'chacha20' respectively.

Each document has 3 relevant fields:

, and
is the initialization vector to give to the encryption algorithm in addition to the key you generated. Pass the document
as additional authenticated data and the tag as the auth tag and then decrypt the data. If it throws an error, then you either screwed up or somebody modified the data.


Derive key from password and salt

db.get('_local/crypto').then(function (doc) {
  return new Promise(function (resolve, reject) {
    crypto.pbkdf2(password, doc.salt, doc.iterations, 256/8, doc.digest, function (err, key) {
      if (err) {
        return reject(err);
}).then(function (key) {
  // you have the key

Decrypt a document encrypted with chacha

var chacha = require('chacha');

db.get(id).then(function (doc) { var decipher = chacha.createDecipher(key, new Buffer(doc.nonce, 'hex')); decipher.setAAD(new Buffer(doc._id)); decipher.setAuthTag(new Buffer(doc.tag, 'hex')); var out = decipher.update(new Buffer(, 'hex')).toString();; // parse it AFTER calling final // you don't want to parse it if it has been manipulated out = JSON.parse(out); out._id = doc._id; out._rev = doc._rev; return out; });

Decrypt a document encrypted with aes-gcm

var decrypt = require('native-crypto/decrypt');

db.get(id).then(function (doc) { var encryptedData = Buffer.concat([ new Buffer(, 'hex'), new Buffer(doc.tag, 'hex') ]); return decrypt(key, new Buffer(doc.nonce, 'hex'), encryptedData, new Buffer(doc._id)).then(function (resp) { var out = JSON.parse(resp.toString()); out._id = doc._id; out._rev = doc._rev; return out; }); });

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.