Don't know how feasible it is, but we could query the encrypted data without decrypting. We still have tables, columns and rows and with encrypted names and values. Then we could parse the sql statement and encrypt the names and values in it and then run it against the database. The returned result is then the only thing that needs to be decrypted. How does that sound? This approach will obviously give away that data in certain columns is the same, and maybe there is more downsides to this that I don't see.

Cheers,
	Erik Jan 

On 14 Oct,2013, at 21:47 , Summers Pittman <supittma@redhat.com> wrote:

> One of the things that came up while discussing offline secure storage 
> on Android was how to query encrypted data.
> 
> The first ideas that I could think of were:
> 
> 1) Load encrypted files/data/databases into memory, decrypt them, query 
> them, return results and GC the decrypted data.
> 
> 2) magical phonetic encryption
> 
> 3) Include queryable decrypted metadata along with encrypted payloads.  
> The payloads will not be queryable and only be decrypted if metadata 
> matches the query.
> 
> #1 has some benefits (easy to implement across platforms, doesn't 
> require a lot of work) and some draw backs (large datasets would eat 
> into available memory, whole dataset would be vulnerable to a VM attack).
> 
> #2 is a placeholder for better ideas.
> 
> #3 is interesting because it is a middle of the road approach.  One of 
> the options for implementation I thought of would be to annotate fields 
> in the VO being stored as "privledged" and they would be the only ones 
> encrypted/decrypted when an object is stored or loaded.
> 
> wdyt?
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev

_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev