diff --git a/web/database/utils/constants.js b/web/database/utils/constants.js
index 6bd6f014f..f9930c2e1 100644
--- a/web/database/utils/constants.js
+++ b/web/database/utils/constants.js
@@ -1,3 +1,4 @@
 // @flow
 
 export const SQLITE_CONTENT = 'sqliteFileContent';
+export const SQLITE_ENCRYPTION_KEY = 'encryptionKey';
diff --git a/web/database/worker/db-worker.js b/web/database/worker/db-worker.js
index 9bb42cfa3..c1e0c1e4c 100644
--- a/web/database/worker/db-worker.js
+++ b/web/database/worker/db-worker.js
@@ -1,99 +1,106 @@
 // @flow
 
 import localforage from 'localforage';
 import initSqlJs, { type SqliteDatabase } from 'sql.js';
 
 import {
   type SharedWorkerMessageEvent,
   type WorkerRequestMessage,
   type WorkerResponseMessage,
   workerRequestMessageTypes,
   workerResponseMessageTypes,
   type WorkerRequestProxyMessage,
 } from '../../types/worker-types.js';
 import { getSQLiteDBVersion } from '../queries/db-queries.js';
-import { SQLITE_CONTENT } from '../utils/constants.js';
+import { SQLITE_CONTENT, SQLITE_ENCRYPTION_KEY } from '../utils/constants.js';
+import { generateDatabaseCryptoKey } from '../utils/worker-crypto-utils.js';
 
 const localforageConfig: PartialConfig = {
   driver: localforage.INDEXEDDB,
   name: 'comm',
   storeName: 'commStorage',
   description: 'Comm encrypted database storage',
   version: '1.0',
 };
 localforage.config(localforageConfig);
 
 let sqliteDb: ?SqliteDatabase = null;
 
 async function initDatabase(sqljsFilePath: string, sqljsFilename: ?string) {
   const content = await localforage.getItem(SQLITE_CONTENT);
 
   const locateFile = defaultFilename => {
     if (sqljsFilename) {
       return `${sqljsFilePath}/${sqljsFilename}`;
     }
     return `${sqljsFilePath}/${defaultFilename}`;
   };
   const SQL = await initSqlJs({
     locateFile,
   });
 
   if (content) {
     sqliteDb = new SQL.Database(new Uint8Array(content));
   } else {
     sqliteDb = new SQL.Database();
   }
 
   const dbVersion = getSQLiteDBVersion(sqliteDb);
   console.info(`Db version: ${dbVersion}`);
 }
 
 async function processAppRequest(
   message: WorkerRequestMessage,
 ): Promise<?WorkerResponseMessage> {
   if (message.type === workerRequestMessageTypes.PING) {
     return {
       type: workerResponseMessageTypes.PONG,
       text: 'PONG',
     };
   } else if (message.type === workerRequestMessageTypes.INIT) {
     await initDatabase(message.sqljsFilePath, message.sqljsFilename);
     return;
+  } else if (
+    message.type === workerRequestMessageTypes.GENERATE_DATABASE_ENCRYPTION_KEY
+  ) {
+    const cryptoKey = await generateDatabaseCryptoKey();
+    await localforage.setItem(SQLITE_ENCRYPTION_KEY, cryptoKey);
+    return;
   }
 
   throw new Error('Request type not supported');
 }
 
 function connectHandler(event: SharedWorkerMessageEvent) {
   if (!event.ports.length) {
     return;
   }
   const port: MessagePort = event.ports[0];
   console.log('Web database worker alive!');
 
   port.onmessage = async function (messageEvent: MessageEvent) {
     const data: WorkerRequestProxyMessage = (messageEvent.data: any);
     const { id, message } = data;
 
     if (!id) {
       port.postMessage({
         error: new Error('Request without identifier'),
       });
     }
 
     try {
       const result = await processAppRequest(message);
       port.postMessage({
         id,
         message: result,
       });
     } catch (e) {
       port.postMessage({
         id,
         error: e,
       });
     }
   };
 }
 
 self.addEventListener('connect', connectHandler);
diff --git a/web/types/worker-types.js b/web/types/worker-types.js
index bd1fd706f..38485f7e1 100644
--- a/web/types/worker-types.js
+++ b/web/types/worker-types.js
@@ -1,51 +1,57 @@
 // @flow
 
 // The types of messages sent from app to worker
 export const workerRequestMessageTypes = Object.freeze({
   PING: 0,
   INIT: 1,
+  GENERATE_DATABASE_ENCRYPTION_KEY: 2,
 });
 
 export type PingWorkerRequestMessage = {
   +type: 0,
   +text: string,
 };
 
 export type InitWorkerRequestMessage = {
   +type: 1,
   +sqljsFilePath: string,
   +sqljsFilename: ?string,
 };
 
+export type GenerateDatabaseEncryptionKeyRequestMessage = {
+  +type: 2,
+};
+
 export type WorkerRequestMessage =
   | PingWorkerRequestMessage
-  | InitWorkerRequestMessage;
+  | InitWorkerRequestMessage
+  | GenerateDatabaseEncryptionKeyRequestMessage;
 
 export type WorkerRequestProxyMessage = {
   +id: number,
   +message: WorkerRequestMessage,
 };
 
 // The types of messages sent from worker to app
 export const workerResponseMessageTypes = Object.freeze({
   PONG: 0,
 });
 
 export type PongWorkerResponseMessage = {
   +type: 0,
   +text: string,
 };
 
 export type WorkerResponseMessage = PongWorkerResponseMessage;
 
 export type WorkerResponseProxyMessage = {
   +id?: number,
   +message?: WorkerResponseMessage,
   +error?: Error,
 };
 
 // SharedWorker types
 export type SharedWorkerMessageEvent = MessageEvent & {
   +ports: $ReadOnlyArray<MessagePort>,
   ...
 };