Per-Field Symmetric Encryption within Java


James Green

Sep 7, 2012, 6:09:07 AM
to mongodb-user
Hi,

Our app currently works in Glassfish 3 and uses Morphia. We have not yet hit production. I now have a requirement to encrypt selected fields of some of my entity models.

An encryption key will exist on a per-customer basis.

Where do I look for doing this stuff? I've only been doing "Java" really this year so I have a vague awareness of Java having an encryption API. I see Spring Security and Jasypt exist too.

Ideally, something that operates almost transparently would be great. At least, apart from setting the key, there ought to be minimal code needed. Perhaps something in place of Morphia if that opens possibilities.

Thanks for any advice given.

James

Scott Hernandez

Sep 7, 2012, 7:53:37 AM
to mongod...@googlegroups.com
You can add an annotation in Morphia to make this pretty transparent
to the application, or use the lifecycle methods so your Java objects
never know it is happening. I would imagine it working much like
@Serialized.

The more important ramifications are that in the database you will not
be able to search on these fields (except for exact matches possibly)
since the data is encrypted.

James Green

Sep 7, 2012, 8:17:45 AM
to mongod...@googlegroups.com
I'm not concerned about searching on encrypted fields - the searchable ones are used for operations and have no personal data at all.

Regarding @Serialized, how does this actually work? I am wondering which components do what.

Thanks,

James

Scott Hernandez

Sep 22, 2012, 8:56:51 AM
to mongod...@googlegroups.com
On Fri, Sep 7, 2012 at 8:17 AM, James Green <james.m...@gmail.com> wrote:
> I'm not concerned about searching on encrypted fields - the searchable ones
> are used for operations and have no personal data at all.
>
> Regarding @Serialized, how does this actually work? I am wondering which
> components do what.

It will call the Java serialization system and store the raw bytes in
a binary field.
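
Added example, not code from this thread or from Morphia: a JDK-only (Java 8+) sketch of the per-field encryption step that the lifecycle methods mentioned above (for instance Morphia's @PrePersist and @PostLoad) could call, producing bytes for a binary field. The class name `FieldCipher`, the customer id and field name strings, and the key generated in `main` are assumptions; how each customer's key is stored and loaded is out of scope.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
// Hypothetical helper (not part of Morphia): AES-GCM for a single field value.
public class FieldCipher {
    private static final int IV_LEN = 12;    // 96-bit nonce, the recommended size for GCM
    private static final int TAG_BITS = 128; // authentication tag length
    private static final SecureRandom RNG = new SecureRandom();

    // Output layout: IV || ciphertext+tag, suitable for storing in a binary field.
    public static byte[] encrypt(SecretKey customerKey, String customerId, String field, String plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv); // fresh IV per value; never reuse an IV under the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, customerKey, new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(aad(customerId, field)); // binds the ciphertext to this customer and field
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return out;
    }
    // Throws AEADBadTagException if the bytes were altered or belong to another customer/field.
    public static String decrypt(SecretKey customerKey, String customerId, String field, byte[] stored) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, customerKey, new GCMParameterSpec(TAG_BITS, stored, 0, IV_LEN));
        c.updateAAD(aad(customerId, field));
        return new String(c.doFinal(stored, IV_LEN, stored.length - IV_LEN), StandardCharsets.UTF_8);
    }
    private static byte[] aad(String customerId, String field) {
        return (customerId + '\0' + field).getBytes(StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey(); // constructed sample key; in practice loaded per customer
        byte[] stored = encrypt(key, "customer-42", "email", "jane@example.com"); // constructed sample values
        System.out.println(decrypt(key, "customer-42", "email", stored));
        try {
            decrypt(key, "customer-42", "phone", stored); // same bytes presented as a different field
        } catch (AEADBadTagException e) {
            System.out.println("rejected: ciphertext does not belong to this field");
        }
    }
}
```

Because every value gets a random IV, two encryptions of the same plaintext differ, so the stored bytes cannot be matched even by exact-value queries.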