CipherSweet is a backend library developed by Paragon Initiative Enterprises for implementing searchable field-level encryption. The library come to answer the question “How do we securely encrypt database fields but still use these fields in search queries?”.
The solution start by avoiding all the problems outlined in the insecure/ill-advised section in one fell swoop: All ciphertexts will be the result of an authenticated encryption scheme, preferably with large nonces (generated from a secure random number generator).
With an authenticated encryption scheme, ciphertexts are non-deterministic (same message and key, but different nonce, yields a different ciphertext) and protected by an authentication tag. Some suitable options include: XSalsa20-Poly1305, XChacha20-Poly1305, and (assuming it’s not broken before CAESAR concludes) NORX64-4-1. If you’re using NaCl or libsodium, you can just use crypto_secretbox here.
Consequently, their ciphertexts are indistinguishable from random noise, and protected against chosen-ciphertext attacks. That’s how secure, boring encryption ought to be.
this presents an immediate challenge: We can’t just encrypt arbitrary messages and query the database for matching ciphertexts. Fortunately, there is a clever workaround.
You can find the solution explained in details in this article. CipherSweet is available under the very permissive ISC License which allows you to use CipherSweet in any of your PHP projects, commercial or noncommercial, open source or proprietary, at no cost to you.
Some of the Ciphersweet features :
- Encryption that targets the 256-bit security level (using AEAD modes with extended nonces to minimize users’ rekeying burden).
- Compliance-Specific Protocol Support. Multiple backends to satisfy a diverse range of compliance requirements. More can be added as needed:
ModernCryptouses libsodium, the de facto standard encryption library for software developers.FIPSCryptoonly uses the cryptographic algorithms covered by the FIPS 140-2 recommendations to avoid auditing complexity.
- Key separation. Each column is encrypted with a different key, all of which are derived from your master encryption key using secure key-splitting algorithms.
- Key management integration. CipherSweet supports integration with Key Management solutions for storing and retrieving the master encryption key.
- Searchable Encryption. CipherSweet uses blind indexing with the fuzzier and Bloom filter strategies to allow fast ciphertext search with minimal data leakage.
- Each blind index on each column uses a distinct key from your encryption key and each other blind index key.
- This doesn’t allow for
LIKEoperators or regular expression searching, but it does allow you to index transformations (e.g. substrings) of the plaintext, hashed under a distinct key.
- Adaptability. CipherSweet has a database- and product-agnostic design, so it should be easy to write an adapter to use CipherSweet in any PHP-based software.
More information at https://github.com/paragonie/ciphersweet
