|Last Updated|| ||Ratings|| ||Unique User Downloads|| ||Download Rankings|
|2018-09-15 (5 months ago) ||Not enough user ratings||Total: 75 This week: 1||All time: 9,290 This week: 455|
This package can encrypt data in away that can be searched.
It can take string of data and a key to create an encrypted version of the data and indexes that can be stored for instance in a database.
Applications can search for the values looking up for index values. Then they can decrypt the data using this package.
If multiple records are found to match the same index value, the applications can traverse a smaller list of records that were found during the search to find the stored records that have the exact value of the key they are searching for.
|One challenge of applications that need to encrypt information to prevent it to been seen by untrusted parties is that when that information needs to be searched, there is the need to look at the decrypted information to find the relevant records of data.
This package implements a solution that creates indexes before encrypting the information, so the searching components can look at the indexes first before actually decrypting a smaller set of possible records that may contain the information is being searched.
This way the search component does not need to decrypt all database records to check which records contain the information that applications need to find.
CipherSweet is a backend library developed by Paragon Initiative Enterprises
for implementing searchable field-level encryption.
Requires PHP 5.5+, although 7.2 is recommended for better performance.
Before adding searchable encryption support to your project, make sure you understand
the appropriate threat model
for your use case. At a minimum, you will want your application and database
server to be running on separate cloud instances / virtual machines.
(Even better: Separate bare-metal hardware.)
CipherSweet is available under the very permissive ISC License
which allows you to use CipherSweet in any of your PHP projects, commercial
or noncommercial, open source or proprietary, at no cost to you.
CipherSweet Features at a Glance
- Encryption that targets the 256-bit security level
(using AEAD modes
with extended nonces to minimize users' rekeying burden).
- Compliance-Specific Protocol Support. Multiple backends to satisfy a
diverse range of compliance requirements. More can be added as needed:
ModernCrypto uses libsodium, the de
facto standard encryption library for software developers.
FIPSCrypto only uses the cryptographic algorithms covered by the
FIPS 140-2 recommendations to avoid auditing complexity.
- Key separation. Each column is encrypted with a different key, all of which are derived from
your master encryption key using secure key-splitting algorithms.
- Key management integration. CipherSweet supports integration with Key
Management solutions for storing and retrieving the master encryption key.
- Searchable Encryption. CipherSweet uses
with the fuzzier and Bloom filter strategies to allow fast ciphertext search
with minimal data leakage.
* Each blind index on each column uses a distinct key from your encryption key
and each other blind index key.
- Adaptability. CipherSweet has a database- and product-agnostic design, so
it should be easy to write an adapter to use CipherSweet in any PHP-based
composer require paragonie/ciphersweet
Please refer to the documentation
to learn how to use CipherSweet.
Please feel free to create an issue
if you'd like to integrate CipherSweet with your software.
CipherSweet was originally intend for use in in SuiteCRM
(a fork of the SugarCRM Community Edition) and related products, although
there is nothing preventing its use in other products.
Therefore, we opted for a pun on "ciphersuite" that pays homage to the
open source heritage of the project we designed this library for.
If the wordplay is too heavy, feel free to juxtapose the two component
nouns and call it "SweetCipher" in spoken conversation.
||Applications that use this package
No pages of applications that use this class were specified.
If you know an application of this package, send a message to the author to add a link here.