Comments (3)
Depends on what you actually want. If you want to decrease overhead in one type of storage and okay to move this overhead - you can use tokenization. It's another security control that uses tokenization + encryption under the hood. Data in the database will have the same size but ciphertext will be stored in another storage token db (open-source Acra supports in-memory storage, BoltDB, Redis).
If your goal is to decrease storage space then only one approach - write own envelope for encrypted data in the Acra. AcraBlock is one of the types of envelopes. AcraStruct is another. They use themis as crypto library with its own containers for ciphertext and wraps with own.
Both these approaches are about open source of Acra. You can extend it for your needs as you want and we designed crypto envelope with a goal to be able to easily extend it.
Additionally, you can look on AcraEnterprise and discuss improvements and extensions for your case
from acra.
@Lagovas Thanks. I think for envelope, you want to point a different link. It is pointing to tokenization. Can you provide me the exact link of documentation for writing own envelope?
from acra.
@Lagovas Thanks. I think for envelope, you want to point a different link. It is pointing to tokenization. Can you provide me the exact link of documentation for writing own envelope?
Oh, sorry. This link I wanted to mention. We don't have detailed instructions how to write own envelope, only high-level description like this. But you can find in source code how to do it:
- How to serialize into CryptoEnvelope ciphertext (
encrypted
parameter) from own implementation - How we encrypt with AcraBlock and read in docs
- How we register AcraBlock/AcraStruct implementations and call it for acra-server bin
- Interface that should be implemented for custom encryption method
So, adding a new own method of encryption looks like this:
- implement
ContainerHandler
interface somewhere in thecrypto
package - update
InitRegistry
function and add registration of own handler
All other staff will serialize/deserialize and support your own Handler ID() in the encryptor_config
file. For example if you will implement handler that returns on ID() -> super_crypto
, and register it in InitRegistry
, then you can specify it in ecnryptor_config as value crypto_envelope
from acra.
Related Issues (20)
- [ISSUE] AcraServer 0.93 + PostgreSQL | Encryption not working with batch insert HOT 4
- [ISSUE] Acra is not parsing inserts ending in 'RETURNING 0' HOT 4
- [ISSUE] Using Acra as proxy/encryptor with rails app fails to encrypt HOT 4
- [ISSUE] Acra throws errors on tables with columns wrapped with double quotes HOT 3
- [ISSUE] Acra replaces null values by an empty string when using prepared statements HOT 3
- [ISSUE] tls_ocsp_from_cert: ignore doesn't ignore database OCSP, undocumented behaviour HOT 4
- Clarification on replacement of Zones HOT 2
- [ISSUE] Tokenization in MariaDB HOT 2
- Question HOT 2
- [ISSUE] "Error 2006: MySQL server has gone away" while executing mysqli prepared statements HOT 1
- [ISSUE] PAN masking does not meet the PCI SSC requirements HOT 1
- Question about AcraCensor: SQL query without "FROM" HOT 2
- Question about poison records HOT 7
- Online SQL grammar editor/tester
- Ask: How to use Masking? HOT 3
- [ISSUE] Encryption Not working HOT 4
- [ISSUE]Supported MySQL Versions HOT 2
- [Query] acraserver in distributed environment behind load balancer HOT 4
- [ISSUE] Index on encrypted column HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from acra.