Improve encryption for sensitive data in db #5

Open
opened 2026-02-19 17:56:31 +00:00 by eelke · 0 comments
Owner

Use simple binary storage

  • version smallint
  • blob <nonce size><nonce><tag size><tag><cypher>

Probably need some rule that sizes can become variable length in the future by having first n bytes have highest bit set.
We might want to do AAD later on, this will be a new version so that could easily allow an extra size and field. If we want it
really future proof we could start with a bit mask.

  • bit 0, set if nonce present
  • bit 1, set if tag present
  • bit 2, set if aad present
  • cypher is always present and last field

With each key store

  • id
  • keyData
  • createdAt

In future maybe other parameters
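The bit-mask variant of the blob described in this issue, as an added Python example (not code from the issue or from the IdentityShroud project): an encoder and a strict parser that rejects unknown flag bits and truncated fields. Assumptions: the flag byte comes first, each present field is preceded by its size, sizes use a continuation bit (highest bit set on every byte except the last), the version is stored outside the blob, and the names `pack`, `unpack`, `put_size` and `get_size` are hypothetical.

```python
# Added example; the exact byte layout is an assumption, not the project's format.
NONCE, TAG, AAD = 0x01, 0x02, 0x04          # bits 0, 1, 2 from the issue
KNOWN = NONCE | TAG | AAD
ORDER = (("nonce", NONCE), ("tag", TAG), ("aad", AAD))

def put_size(n: int) -> bytes:
    """Encode a size; every byte except the last has its highest bit set."""
    out = bytearray()
    while n > 0x7F:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    out.append(n)
    return bytes(out)

def get_size(buf: bytes, pos: int) -> tuple[int, int]:
    """Decode a size starting at pos; return (value, next position)."""
    value = shift = 0
    while True:
        if pos >= len(buf) or shift > 28:   # at most 5 size bytes
            raise ValueError("truncated or oversized size field")
        b = buf[pos]
        pos += 1
        value |= (b & 0x7F) << shift
        if not b & 0x80:
            return value, pos
        shift += 7

def pack(cypher: bytes, **fields: bytes) -> bytes:
    """Build <flags>[<size><nonce>][<size><tag>][<size><aad>]<cypher>."""
    flags = sum(bit for name, bit in ORDER if name in fields)
    body = b"".join(put_size(len(fields[n])) + fields[n]
                    for n, _ in ORDER if n in fields)
    return bytes([flags]) + body + cypher

def unpack(blob: bytes) -> dict[str, bytes]:
    """Split a blob into its fields, failing closed on malformed input."""
    if not blob or blob[0] & ~KNOWN:
        raise ValueError("empty blob or unknown flag bits")
    out, pos = {}, 1
    for name, bit in ORDER:
        if blob[0] & bit:
            size, pos = get_size(blob, pos)
            if size > len(blob) - pos:
                raise ValueError(f"{name} runs past end of blob")
            out[name] = blob[pos:pos + size]
            pos += size
    out["cypher"] = blob[pos:]              # always present, always last
    return out
```

For sizes below 128 the encoded size is a single byte, so blobs written with one-byte sizes today stay readable once longer sizes are allowed.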
Reference: eelke/IdentityShroud#5