[ISSUE]Reducing overhead about acra HOT 3 CLOSED

Depends on what you actually want. If you want to decrease overhead in one type of storage and okay to move this overhead - you can use tokenization. It's another security control that uses tokenization + encryption under the hood. Data in the database will have the same size but ciphertext will be stored in another storage token db (open-source Acra supports in-memory storage, BoltDB, Redis).
If your goal is to decrease storage space then only one approach - write own envelope for encrypted data in the Acra. AcraBlock is one of the types of envelopes. AcraStruct is another. They use themis as crypto library with its own containers for ciphertext and wraps with own.
Both these approaches are about open source of Acra. You can extend it for your needs as you want and we designed crypto envelope with a goal to be able to easily extend it.

Additionally, you can look on AcraEnterprise and discuss improvements and extensions for your case

from acra.

@Lagovas Thanks. I think for envelope, you want to point a different link. It is pointing to tokenization. Can you provide me the exact link of documentation for writing own envelope?

from acra.

@Lagovas Thanks. I think for envelope, you want to point a different link. It is pointing to tokenization. Can you provide me the exact link of documentation for writing own envelope?

Oh, sorry. This link I wanted to mention. We don't have detailed instructions how to write own envelope, only high-level description like this. But you can find in source code how to do it:

• How to serialize into CryptoEnvelope ciphertext (encrypted parameter) from own implementation
• How we encrypt with AcraBlock and read in docs
• How we register AcraBlock/AcraStruct implementations and call it for acra-server bin
• Interface that should be implemented for custom encryption method

So, adding a new own method of encryption looks like this:

• implement ContainerHandler interface somewhere in the crypto package
• update InitRegistry function and add registration of own handler

All other staff will serialize/deserialize and support your own Handler ID() in the encryptor_config file. For example if you will implement handler that returns on ID() -> super_crypto, and register it in InitRegistry, then you can specify it in ecnryptor_config as value crypto_envelope

from acra.