Bao is a secure, fast, multi-platform encryption library for your data. With Bao, you can store your data on a cloud platform without concern about prying eyes. Bao ensures that data is accessible only to the end users. Bindings are available for Go, Java, Dart and Python. Support for WebAssembly is experimental.
Why?
Modern applications often live on cloud platforms and benefit from the scalability and affordability that a shared, maintained environment offers. They also raise concerns about data control, because it is not clear exactly who can access and manage the data.
Bao protects your data with an encryption layer. Data is decrypted only on the end user's device, whether it is a PC or a mobile phone. The end user can also grant access to other people. The access control is secured by blockchains.
How?
Bao uses envelope encryption: your data is encrypted with a random AES key, and that AES key is then encrypted with an elliptic-curve key assigned to each authorized user. Every user has their own envelope key, all recorded on the blockchain. The blockchain also stores access rights, such as which user is an admin and can grant or revoke access.
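The envelope scheme described above, as an added example in Python using the third-party `cryptography` package; it is not Bao's code or API. X25519, HKDF-SHA256, AES-256-GCM and all function names are assumptions (the page says only "AES" and "elliptic key"), and a plain dict stands in for the blockchain record.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

def kek(private_key, peer_public_key):
    """Key-encryption key: HKDF-SHA256 over the X25519 shared secret."""
    shared = private_key.exchange(peer_public_key)
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                info=b"example envelope v1").derive(shared)

def seal(key, data):
    """AES-256-GCM with a fresh random nonce, stored in front of the ciphertext."""
    nonce = os.urandom(12)
    return nonce + AESGCM(key).encrypt(nonce, data, None)

def unseal(key, box):
    """Raises InvalidTag when the key is wrong or the ciphertext was modified."""
    return AESGCM(key).decrypt(box[:12], box[12:], None)

def encrypt_file(plaintext, users):
    """Encrypt once under a random data key, then wrap that key for each user."""
    data_key = AESGCM.generate_key(bit_length=256)
    envelopes = {}
    for name, public_key in users.items():
        eph = X25519PrivateKey.generate()  # fresh key pair for every wrap
        envelopes[name] = (eph.public_key(), seal(kek(eph, public_key), data_key))
    # Everything returned here can sit on untrusted storage.
    return {"ciphertext": seal(data_key, plaintext), "envelopes": envelopes}

def decrypt_file(record, name, private_key):
    """Unwrap this user's copy of the data key, then decrypt the shared ciphertext."""
    if name not in record["envelopes"]:
        raise PermissionError(f"{name} has no envelope for this file")
    eph_public, wrapped = record["envelopes"][name]
    return unseal(unseal(kek(private_key, eph_public), wrapped), record["ciphertext"])

if __name__ == "__main__":
    alice, bob = X25519PrivateKey.generate(), X25519PrivateKey.generate()
    users = {"alice": alice.public_key(), "bob": bob.public_key()}  # constructed users
    record = encrypt_file(b"hello from Alice", users)
    print(decrypt_file(record, "bob", bob))
```

In a scheme like this, deleting a user's envelope only stops future unwraps of that stored copy; a user who already unwrapped the data key still holds it, so revoking access also means re-encrypting under a new data key.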
The code below shows how Alice and Bob can exchange data securely:
from baolib import *
# Create identities
alice, alice_secret = newKeyPair()
bob, bob_secret = newKeyPair()
# Alice creates a vault with S3 storage
store = Store({'type': 's3', ...})
vault = Vault.create(Vault.users, alice_secret, store, DB('alice.db'))
# Alice grants Bob access
vault.sync_access(0, AccessChange(bob, Access.read_write))
# Alice writes a file
vault.write('shared/message.txt', src='hello.txt')
# Bob opens Alice's vault with his own database
vault_bob = Vault.open(Vault.users, bob_secret, alice, store, DB('bob.db'))
vault_bob.read('shared/message.txt', 'output.txt')
Besides file storage, Bao offers a SQL interface. By using the SQL interface, you can implement a local-first, distributed DB for your application.