Searching encrypted values

fatefree · **Joined:** Thu Jun 14, 2007 6:14 pm **Posts:** 15

I know these two things don't usually mix well, but I'm wondering if its still a possibility. My application requirement is to encryped a large string of text, but still allow users to search for it.

I am using Jasypt's encrypted user types to encrypt the data. As I understand, this step happens before the Lucene listeners are invoked, and thus lucene is unable to index the original text. Is there a potential solution in allowing lucene to index the object before the encryption takes place? Perhaps using an interceptor instead of the provided listeners?

Has anyone had this requirement before, or have any ideas on how it could be done?

sanne.grinovero · **Posted:** Tue Feb 15, 2011 9:01 pm

assuming you're using a two-way encryption, you could create a custom fieldBridge which decrypts the data as needed when adding it into the index.
people won't easily be able to extract text from the index, but it could be possible: maybe store the index on a encrypted partition.

fatefree · **Joined:** Thu Jun 14, 2007 6:14 pm **Posts:** 15

Thanks, I'll definitely look into that. The first question that comes to mind is, can I create a custom FieldBridge through spring? For instance, I would need to inject my encryptor into the fieldbridge in order for it to work. I noticed the annotation takes an impl class which wouldn't really work. Fortunately though I am not using annotations, but I have a feeling the programmatic API will expect a class as well. Do you have any ideas on how I can get around this?

sanne.grinovero · **Posted:** Thu Feb 17, 2011 5:21 pm

instead of using injection, Spring also provides some static methods to grab instances - like pulling them in instead of having them pushed by Spring.
sorry I don't remember the exact method name.

fatefree · **Joined:** Thu Jun 14, 2007 6:14 pm **Posts:** 15

Thanks for the ideas, I noticed that I could implement the ParameterizedBridge interface and pass a value there. Since my programmatic API occurs in a dao that is managed by spring, I can simply inject the encryption manager in the same dao, and pass it to the fieldbridge as a parameter. Thanks!

fatefree · **Joined:** Thu Jun 14, 2007 6:14 pm **Posts:** 15

Well it looks like the parameter can only be a string. Thats really unfortunate, I thought I had it figured out.

sanne.grinovero · **Posted:** Sat Feb 19, 2011 9:27 pm

as I said, use the static helpers from Spring to get a reference