You’ll notice some extremely important and highly confidential secrets are stored, but I’m confident enough in my implementation to know those are safely secured. 🤞
Adding a New Secret
Anyhoo... click the + New Secret button and you’ll get to the
Name of Item. This is the item’s “title” - a way to identify it in the table. It’s stored unencrypted.
Secret Text. This is the content you wish to encrypt. For now, the template only supports the encryption of plain text. Coming soon... images, rich text, and even tables! (don’t hold me to that, I have no idea if that’s even possible!)
Password and Confirm Password. These two fields must match in order to proceed with the encryption. In a real-life use-case it may be wise to alert the user if their password is too short or too simple. For additional peace of mind, it wouldn’t be difficult to integrate
to make sure they haven’t selected a password that’s already been part of a data breach in the past.
If an attacker runs out of other options and is forced to brute-force the password, the first ones they’ll try are the many lists of “popular passwords” available online. I’m not going to link to any, but they’re easy enough to find.
Ew, why are you using a "Confirm Password" field?!
From the information you provide, we generate the encrypted Ciphertext.
I go through this in detail in CYKAS, but here’s more info about how that works:
How does that work?
Click the Continue → button and a new tab will open in your browser showing you a Confirmation Form. This displays the Title you entered along with two additional fields:
Salt. This is a pseudorandom string of characters used to increase the security of the hash generated from your password. For information about salting, check out
Encrypted. This is the generated ciphertext which will be stored in the Encryption Template table. It should be a gibberish bunch of characters. If it’s not (i.e., if your text is displayed unencrypted) then something’s gone wrong. Please do not submit this form.
You can then click Submit and your item will be saved to the table. Pretty easy, right?
Ok but why are there two forms?
I was hoping the experience was fluid enough not to draw too much attention to itself, but congrats on spotting that something fishy was going on!
You’ll see a form with just one field requesting the Password of the item you want to decrypt.
Enter the Password and you’ll see your item is displayed decrypted below.
If you don’t see your text straight away, you may need to click away from the password field so that it’s no longer in focus. This will trigger the decryption process.
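The encrypt and decrypt steps described above, as an added example that is not the template's own code. The page does not say which algorithms the template uses, so scrypt for the salted password hash and AES-256-GCM for the cipher are assumptions, as are all function and field names.

```javascript
// Added example, not the template's implementation. scrypt and AES-256-GCM
// are assumed choices; every name below is hypothetical.
const crypto = require('node:crypto');

const KEY_LEN = 32;  // 256-bit key for AES-256
const SALT_LEN = 16; // fresh random salt for every secret
const IV_LEN = 12;   // nonce size recommended for GCM
const TAG_LEN = 16;  // GCM authentication tag

// Stretch the password into a key. The salt makes two items that share a
// password end up with unrelated keys, so one precomputed table cannot cover both.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, KEY_LEN);
}

// Builds the row shown on the confirmation form: the name stays in the clear,
// the salt and the ciphertext are stored next to it.
function encryptSecret(name, secretText, password, confirmPassword) {
  if (password !== confirmPassword) throw new Error('Passwords do not match');
  const salt = crypto.randomBytes(SALT_LEN);
  const iv = crypto.randomBytes(IV_LEN);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const body = Buffer.concat([cipher.update(secretText, 'utf8'), cipher.final()]);
  // Pack iv | tag | ciphertext into the single "Encrypted" field.
  const encrypted = Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
  return { name, salt: salt.toString('base64'), encrypted };
}

// Returns the plaintext, or null when the password is wrong or the row was altered.
function decryptSecret(row, password) {
  const raw = Buffer.from(row.encrypted, 'base64');
  const iv = raw.subarray(0, IV_LEN);
  const tag = raw.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const body = raw.subarray(IV_LEN + TAG_LEN);
  const key = deriveKey(password, Buffer.from(row.salt, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
  } catch {
    return null; // tag check failed: wrong key or modified data
  }
}

// Constructed sample input.
const rowA = encryptSecret('Wifi', 'the router password', 'correct horse', 'correct horse');
const rowB = encryptSecret('Wifi', 'the router password', 'correct horse', 'correct horse');
console.log(rowA.encrypted !== rowB.encrypted, decryptSecret(rowA, 'correct horse'));
```

Because the cipher is authenticated, a wrong password yields null rather than garbage output, and the same text encrypted twice with the same password never produces the same stored row.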
Wait, how did that work?
If all of this is piquing your interest in encryption, I can totally relate. It’s an absolutely fascinating field of computer science.
For a deep-dive into encryption in general, and the back-story behind this template, check out my doc “Can You Keep a Secret?”. It’s a deep-dive into the subject, full of interactive examples, history, hacking, games, demo apps, and more. I’m really proud of it, and I’m sure you’ll enjoy it.
If you’re ready to start with encryption in your own docs,