[aerogear-dev] Querying encrypted data
Summers Pittman
supittma at redhat.com
Mon Oct 14 15:47:33 EDT 2013
One of the things that came up while discussing offline secure storage
on Android was how to query encrypted data.
The first ideas that I could think of were:
1) Load encrypted files/data/databases into memory, decrypt them, query
them, return results and GC the decrypted data.
2) magical phonetic encryption
3) Include queryable decrypted metadata along with encrypted payloads.
The payloads will not be queryable and only be decrypted if metadata
matches the query.
#1 has some benefits (easy to implement across platforms, doesn't
require a lot of work) and some draw backs (large datasets would eat
into available memory, whole dataset would be vulnerable to a VM attack).
#2 is a placeholder for better ideas.
#3 is interesting because it is a middle of the road approach. One of
the options for implementation I thought of would be to annotate fields
in the VO being stored as "privledged" and they would be the only ones
encrypted/decrypted when an object is stored or loaded.
wdyt?
More information about the aerogear-dev
mailing list