Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Encrypt & Decrypt Index Fields In RavenDB

Tags:

c#

reflection

ravendb

My application has a requirement that we need to encrypt index fields. Right now the encryption/decryption is handled at the application level. I want to move the encryption process away from the application layer so I don’t have to manually encrypt data in model or in the query.

I want to decorate the model with attributes to determine if the field should be encrypted or not. I was looking at using IDocumentConversionListener to handle the conversion to and from a document. Is this the best place to handle this? If so, how do I encrypt/decrypt only the fields with attributes in a complex model? Below is an example of the model with two fields that need to be encrypted.

    public class User
    {
        public string Id { get; set; }
        [EncryptAttribute]
        public string Name { get; set; }
        public Contact PhoneNumber { get; set; }
        public class Contact
        {
            public string Type { get; set; }
            [EncryptAttribute]
            public string Value { get; set; }
        }
    }

public class SecureFieldListener : IDocumentConversionListener
{
   public void EntityToDocument(object entity, RavenJObject document, RavenJObject metadata)
   {

   }
   public void DocumentToEntity(object entity, RavenJObject document, RavenJObject metadata)
   {

   }
}
like image 269
Phil Avatar asked Apr 09 '26 15:04

Phil

1 Answers

As for how to store documents encrypted, look here: http://daniellang.net/document-level-encryption-in-ravendb/

Encrypting the indexes at a high level (above lucene) has a lot of severe problems and I'm pretty sure that you don't want to do that. Range queries wouldn't work, ordering would be broken, full-text search impossible, etc.

Please note that by default, raven stores fields inside lucene without field storage. That means, while you can use them in queries, you can't actually retrieve their value back as a search result. However, I understand that in very secure environments this might not be sufficient, as it could be possible to extract them somehow though.

So if you really need such high security, I suggest you go for one of the following option:

  • Don't use indexes
  • Encrypt the index folder in ravens server at filesystem level (e.g. using TrueCrypt)
  • Extend RavenDB, so that it uses your own lucene FSDirectory implementation, that uses a symmetric algorithm for all disk I/Os
like image 169
Daniel Lang Avatar answered Apr 19 '26 16:04

Daniel Lang
Sign in to Comment

Related questions

Logon failed for login due to trigger execution
How to re-render Blazor component when a parameter changes
How does MediatR know which handler to call?
C# AWS Lambda Function - Could not find the specified handler assembly with the file name 'LambdaTest, Culture=neutral, PublicKeyToken=null'
How to handle OnClick command of UserControl using command in Windows Phone 8
Selection Rectangle like Excel in WPF DataGrid
How to select a row inside a datagridview cell?
How to implement a generic interface with a child generic interface
datagrid access in C#
Peer-to-peer behind the NATs using C#
How to load Checkin Policy in custom TFS-Plugin
c# Time taken to load file
How to deserialize an XML document into a List<> while overriding the item names
SqlCommand SQL statement being executed twice
Entity Framework Code First callback on object instantiation
Connecting to QuickBooks desktop
How can I create a binding in code-behind that doesn't specify a Path?
auto disposing of objects created in function calls
jQuery.validate is ignoring my rule declarations
what is best way to schedule a reboot?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!