Ideas about lockbox HOT 11 CLOSED

@ankane I'd be really interested in streaming encryption. Let me know if I can help.

from lockbox.

Hey @cj, sorry for the long delay. If this is still interesting, can you explain a bit about your use case? (I'm a bit hesitant to add since most of the time files fit into memory).

from lockbox.

I would love to see per user encryption based on their password (password-derived key)

from lockbox.

Hey @hovancik, can you explain more about your use case and how you'd like it to work?

from lockbox.

@ankane I would like to use so called Password Based Encryption, where usually encryption key is generated from user's password. This is usually used for that.

Example users of this are ie Firefox accounts, Lastpass master password etc.

from lockbox.

Password-based encryption should happen on the client (here's the LastPass architecture), so I'm not sure it's common to be implemented in Ruby. That being said, you can already use PBKDF2 or Argon2 (more secure) for key derivation and then pass the key to Lockbox.

from lockbox.

@ankane, Loved how easy this was to setup in an existing application - thank you.

One idea, I use pg_search in my application to search for documents and I'm unable to use the searching algorithm with the newly encrypted db columns.

Any thoughts on getting this to work with the pg_search gem or maybe gems like that one?

For example, in my model, I have:

  encrypts :title, :body
  blind_index :title, :body

  pg_search_scope :kinda_spelled_like,
                  :against => [:title, :body],
                  :using => {
                    :tsearch => {
                      :prefix => true,
                      dictionary: "english"
                    }
                  }

But when I search, it says it can't find the "title" or "body" column. If I do a super basic query without using pg_search, it seems to query the table just fine - like you mentioned in your readme. But, I would like to use this pg_search gem because of the complex queries you can do with searching.

from lockbox.

Hey @sgriff44, I'm not aware of a way to do efficient searching without leaking significant information about the data. If the number of records is small, you can load all records, decrypt them, and search in memory. If it's larger, you can use an expression blind index to narrow it down, and then search in memory (this approach leaks which records have the same value of the expression).

Edit: fuzzy_match is one option for searching in memory.

from lockbox.

Just fyi, I've expanded on full text searching here: https://github.com/ankane/blind_index#like-ilike-and-full-text-searching

from lockbox.

Great gem and very easy to get set up. How about dynamic types for when the type is configurable based on the model instance?

encrypts :notes, type: -> { get_type }

def get_type
  # this will return one of the allowed types, such as :string, :integer, :float, etc...
end 

from lockbox.

Hey @eafif, sorry for the delay. I don't think it's common enough to add.

Also, moving ideas to #155.

from lockbox.