We need to store the salt on the backend. We also need to store the DEK client-side. We will then encrypt and decrypt data.

Einenlum - Coding amongst alpacas and pinball machines

This tutorial demonstrates implementing client-side encryption by storing salts on the backend and Data Encryption Keys (DEK) in localStorage. It covers generating initialization vectors (IVs) for AES-GCM encryption, converting CryptoKey objects to base64 for storage, and encrypting/decrypting data with proper IV handling. The implementation includes database schema changes to store encrypted amounts and IVs, with practical code examples for key serialization, data encryption/decryption functions, and performance considerations showing encryption takes ~0.06ms per operation.

Client-side encryption for web apps (2/4): Storing the salt and DEK, and encrypting/decrypting data