Encryption

During normal operation, many apps store data on the local storage of the device they run on. This data may represent public data, but also personal information or sensitive content. This is why Kinvey provides a data encryption option to help you protect it.

The NativeScript flavor of the Kinvey JavaScript SDK uses the nativescript-sqlite package to store you app's data locally on the device. Kinvey provides a plugin for this package that enables encryption for your app's offline storage.

Encryption is only available on request. Please contact Support who will provide you with a plugin link. Take a note of the link and complete these steps to enable encryption:

1. Get the encryption-enabled version of the nativescript-sqlite plugin:

    tns plugin add <plugin link>

   In the command above, <plugin link> is the link provided by your Kinvey account representative.

2. In your app source code, initialize Kinvey with an additional parameter representing the encryption key:

    Kinvey.init({
      appKey: '<appKey>',
      appSecret: '<appSecret>',
      encryptionKey: '<encryptionKey>'
    });

The encryption key can be any string with any length. The longer and the more elaborate it is, the harder it will be to break, but will also take more of the device's resources to encrypt and decrypt data. The empty string ("") is treated as no encryption. After you choose an encryption key, make sure you store it in a safe place in case you need it.

Every DataStore object created following the initialization will have encryption enabled and all of its data will be encrypted at rest on the device. Note that encryption can only be enabled in a fresh installation of an app. It cannot be applied to an existing database.

Enabling encryption adds about 3 Megabytes to the size of the application on Android and about 2 Megabytes on iOS.