Multiple ciphers #60

Open
michaelirey opened this issue Jul 25, 2016 · 3 comments
michaelirey commented Jul 25, 2016

I apologize in advance, as this may not be a feature of symmetric-encryption, but I was unsure of where else I could ask.

Our app has a need to encrypt data for different purposes and control access for decrypting. Some data should use one cipher while other data should use another cipher.

It looks like you can configure secondary ciphers, but it looks like this is more for key rotation.

What is your suggestion? Use secondary ciphers, multiple symmetric-encryption instances each with their own config (I don't know if this is even possible), or some other method I am not clearly seeing?

Thanks!

@reidmorrison
Owner

The simplest way is to add the multiple ciphers to the symmetric-encryption.yml configuration file, each with a unique version number.

Then to encrypt data with the version 3 key:

```ruby
encrypted = SymmetricEncryption.cipher(3).encrypt("Hello World")
# "QEVuQwIAPiplaSyln4bywEKXYKDOqQ=="
```

If headers are enabled in the config file, then the usual SymmetricEncryption.decrypt will decrypt any encrypted value since the header will indicate which cipher was used for encryption purposes.

```ruby
SymmetricEncryption.decrypt(encrypted)
# "Hello World"
```

It is also possible to store customer/client specific ciphers in a database table (or other data source), protected using the global cipher. This is a more powerful, yet more complex approach that requires creating and managing instances of SymmetricEncryption::Cipher. Let me know if you need more information on this approach.
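Added example, not from the thread and not the gem's code or header format: a stand-alone sketch using Ruby's OpenSSL bindings of the idea described in the reply above, where each key has a unique version, the version travels in a header, and decryption picks the key from that header. The class name `VersionedKeyring`, the byte layout and the sample keys are assumptions made for illustration.

```ruby
require "openssl"
require "base64"

# Hypothetical keyring for illustration: maps a version number to a 32-byte key.
class VersionedKeyring
  class UnknownVersion < StandardError; end

  def initialize(keys)
    @keys = keys
  end

  # Constructed layout: version byte | 12-byte IV | 16-byte GCM tag | ciphertext
  def encrypt(version, plaintext)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = fetch(version)
    iv = cipher.random_iv
    header = [version].pack("C")
    cipher.auth_data = header # authenticate the version so it cannot be swapped
    body = cipher.update(plaintext) + cipher.final
    Base64.strict_encode64(header + iv + cipher.auth_tag + body)
  end

  # No version argument: the header alone selects the key.
  def decrypt(encoded)
    raw = Base64.strict_decode64(encoded)
    header, iv, tag, body = raw[0, 1], raw[1, 12], raw[13, 16], raw[29..]
    cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    cipher.key = fetch(header.unpack1("C"))
    cipher.iv = iv
    cipher.auth_tag = tag
    cipher.auth_data = header
    (cipher.update(body) + cipher.final).force_encoding("UTF-8")
  end

  private

  def fetch(version)
    @keys.fetch(version) { raise UnknownVersion, "no key loaded for version #{version}" }
  end
end

# Constructed sample keys; real keys belong in protected configuration, not in code.
KEYS = { 1 => OpenSSL::Random.random_bytes(32), 3 => OpenSSL::Random.random_bytes(32) }.freeze
FULL = VersionedKeyring.new(KEYS)             # process allowed to read everything
LIMITED = VersionedKeyring.new(KEYS.slice(1)) # process given only the version 1 key
```

The header only selects a key; a process can decrypt a value only if that version's key was loaded into it, which is where access to decryption is actually decided.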


dpneumo commented Aug 2, 2017

Customer/client specific ciphers is precisely what I have been contemplating but it has not been clear to me how to apply a stored cipher to a specific customer's records. From what you said above I can imagine that I should be able to use the customer_id as the key version (or perhaps use customer_id as index into a table containing the key version and cipher.) Does that seem appropriate? BTW, do the key version numbers have to be sequential? A random key version number would add an additional layer of complexity for a hacker.


kennethteh90 commented Mar 12, 2021

> The simplest way is to add the multiple ciphers to the symmetric-encryption.yml configuration file, each with a unique version number.
>
> Then to encrypt data with the version 3 key:
>
> ```ruby
> encrypted = SymmetricEncryption.cipher(3).encrypt("Hello World")
> # "QEVuQwIAPiplaSyln4bywEKXYKDOqQ=="
> ```
>
> If headers are enabled in the config file, then the usual SymmetricEncryption.decrypt will decrypt any encrypted value since the header will indicate which cipher was used for encryption purposes.
>
> ```ruby
> SymmetricEncryption.decrypt(encrypted)
> # "Hello World"
> ```
>
> It is also possible to store customer/client specific ciphers in a database table (or other data source), protected using the global cipher. This is a more powerful, yet more complex approach that requires creating and managing instances of SymmetricEncryption::Cipher. Let me know if you need more information on this approach.

Hi @reidmorrison, I saw that you mentioned storing client-specific ciphers in a db table... what would be the best way for me to find out more about this approach?
