random initialization vector (IV) - "As the IV has to be passed along with the encrypted message somehow"
Greetings!
The recent noise from MongoDB about encrypted querying made me look at the encryption documentation, here: https://docs.basex.org/wiki/Cryptographic_Module
The signatures seem straight forward enough:
crypto:encrypt|($data as xs:anyAtomicType, $type as xs:string, $key as xs:anyAtomicType, $algorithm as xs:string) as xs:base64Binary|||
||||*crypto:decrypt*($data as xs:anyAtomicType, $type as xs:string, $key as xs:anyAtomicType, $algorithm as xs:string) as xs:string||
||OK, but where is the random initialization vector (IV)?||
||The documentation says:||
||"As the IV has to be passed along with the encrypted message somehow, data which has been encrypted by the |crypto:encrypt| function in BaseX can only be decrypted by calling the |crypto:decrypt| function."||
||I suppose as a standards editor it's the "somehow" that I find troubling. Exactly what "somehow?" ||
||Asking because I would want to invoke a recorded IV to change:||
||"The result of an encryption using the same message, algorithm and key looks different each time it is executed."||
||to:||
||The result of an encryption using the same message, algorithm, key and *IV looks the same* each time it is executed.||
||Such that I can search by delivering an encrypted string in an XQuery statement, to be match against the same encrypted string in BaseX, with the results of the query being returned and the result being decrypted upon delivery to the user.||
||That is the data in BaseX and the query, are never visible during the query or response to the query.||
||Does that make sense?||
||It's not an immediate need but I thought I should ask before it is.||
||Thanks for all you do in this wonderful project!||
||Patrick ||
Hi Patrick,
The Cryptographic Module was implemented by a former team member (Lukas Kircher) a long time ago. I don’t know much about the details, but I assume that the EXPath specification did not provide ways to supply the initialization vector.
Best, Christian
On Wed, Jun 8, 2022 at 5:23 PM Patrick Durusau patrick@durusau.net wrote:
Greetings!
The recent noise from MongoDB about encrypted querying made me look at the encryption documentation, here: https://docs.basex.org/wiki/Cryptographic_Module
The signatures seem straight forward enough:
crypto:encrypt|($data as xs:anyAtomicType, $type as xs:string, $key as xs:anyAtomicType, $algorithm as xs:string) as xs:base64Binary|||
||||*crypto:decrypt*($data as xs:anyAtomicType, $type as xs:string, $key as xs:anyAtomicType, $algorithm as xs:string) as xs:string||
||OK, but where is the random initialization vector (IV)?||
||The documentation says:||
||"As the IV has to be passed along with the encrypted message somehow, data which has been encrypted by the |crypto:encrypt| function in BaseX can only be decrypted by calling the |crypto:decrypt| function."||
||I suppose as a standards editor it's the "somehow" that I find troubling. Exactly what "somehow?" ||
||Asking because I would want to invoke a recorded IV to change:||
||"The result of an encryption using the same message, algorithm and key looks different each time it is executed."||
||to:||
||The result of an encryption using the same message, algorithm, key and *IV looks the same* each time it is executed.||
||Such that I can search by delivering an encrypted string in an XQuery statement, to be match against the same encrypted string in BaseX, with the results of the query being returned and the result being decrypted upon delivery to the user.||
||That is the data in BaseX and the query, are never visible during the query or response to the query.||
||Does that make sense?||
||It's not an immediate need but I thought I should ask before it is.||
||Thanks for all you do in this wonderful project!||
||Patrick ||
-- Patrick Durusau patrick@durusau.net Technical Advisory Board, OASIS (TAB) Editor, OpenDocument Format TC (OASIS), Project Editor ISO/IEC 26300 Co-Editor, ISO/IEC 13250-1, 13250-5 (Topic Maps)
Another Word For It (blog): http://tm.durusau.net Homepage: http://www.durusau.net Twitter: patrickDurusau
basex-talk@mailman.uni-konstanz.de
-
Christian Grün -
Patrick Durusau