paragonie / ciphersweet

Fast, searchable field-level encryption for PHP projects
https://ciphersweet.paragonie.com
Other
437 stars 32 forks source link

Define EncryptedFieldSet over an entire row #18

Closed paragonie-scott closed 6 years ago

paragonie-scott commented 6 years ago

This is mostly a usability ticket. I want users to be able to do something like this:

<?php
/* use ... */

$fieldset = new EncryptedFieldSet($engine, 'contacts');

$fieldset
    ->addTextField('ssn')
    ->addBooleanField('hivstatus');

$fieldset->addCompoundIndex('contact_ssnlast4_hivstatus', ['ssn', 'hivstatus'], 32)
    ->addTransform('ssn', new LastFourDigits());
    // Adds a transformation to only the SSN before calculating that index

Once the fieldset is defined:

$processed = $fieldset->prepareRow($row);
var_dump($processed);
/*array(
...
'ssn' => ciphertext,
'hivstatus' => ciphertext,
'contact_ssnlast4_hivstatus' => blindindex
...
) */

$db->insert('contacts', $processed);

Searching:

$index = $fieldset->getBlindIndex('contact_ssnlast4_hivstatus', ['1234', true]);
$rows = $db->run("SELECT * FROM contacts WHERE contact_ssnlast4_hivstatus = ?", $index);

Decrypting all encrypted fields in a row from the array:

foreach ($rows as $row) {
    $decrypted = $fieldset->decryptRow($row);
}
paragonie-scott commented 6 years ago

The API changed a bit from when I wrote this issue comment, but it's implemented in #19 and will be released in v1.2.0.