paragonie / ciphersweet

Fast, searchable field-level encryption for PHP projects
https://ciphersweet.paragonie.com

question: blindIndex type #45

Closed razvanioan closed 5 years ago

razvanioan commented 5 years ago

Very nice package,

I am trying DB (sensitive fields) encryption for the first time, and looked for the best option (to allow fast partial search, algorithms and code API), thus CipherSweet seemed to do the trick ;)

In the article dated 2017, the blind index stored in a separate table consisted of a label and the index value. It is clear how to use this.

In the newest version, where flatIndex is false by default, blindIndex returns a secondary parameter called type (besides value).

What's its purpose and how to use it correctly?

The only thing I could think of is to replace the plainText of the label inside the DB, meaning to store and filter by type & value. Is this correct?

PS: sorry to ask this on Issues list, but I thought it would be more direct like this instead of asking on SO.

Best regards,

paragonie-scott commented 5 years ago

If you need to store your indexes in a separate table, you want to use "typed" rather than "flat" indexes. If you're storing blind index values in the same table (i.e. just a new column on the same table), you'll want a "flat" index instead.

The default in version 2 is flat, but in version 1, the default was typed.

That's literally the only difference. Use whichever is easier to work with.
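The two storage layouts described in the answer above, as an added sketch that is not part of the original thread or CipherSweet's own code. The table and column names and `stand_in_index` are hypothetical, and the truncated HMAC only mimics the typed result shape (`type` plus `value`); it is not CipherSweet's index derivation.

```python
import hashlib
import hmac
import sqlite3

DEMO_KEY = b"constructed-demo-key"  # constructed; never hard-code real keys

def stand_in_index(label, plaintext):
    """Hypothetical stand-in returning the typed shape {'type', 'value'}.
    Truncated HMAC-SHA256 for illustration; NOT CipherSweet's derivation."""
    def mac(data):
        return hmac.new(DEMO_KEY, data.encode(), hashlib.sha256).hexdigest()
    return {"type": mac("type:" + label)[:16],
            "value": mac("value:" + label + ":" + plaintext)[:8]}

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        -- Flat layout: the index value is a column beside the ciphertext.
        CREATE TABLE contacts (id INTEGER PRIMARY KEY, ssn_ct BLOB,
                               email_ct BLOB, ssn_idx TEXT);
        CREATE INDEX contacts_ssn_idx ON contacts (ssn_idx);
        -- Typed layout: one shared table, rows told apart by (type, value).
        CREATE TABLE blind_indexes (contact_id INTEGER, type TEXT, value TEXT);
        CREATE INDEX bi_lookup ON blind_indexes (type, value);
    """)
    return db

def add_contact(db, ssn, email):
    # Ciphertext columns hold placeholders; encryption is outside this sketch.
    cur = db.execute(
        "INSERT INTO contacts (ssn_ct, email_ct, ssn_idx) VALUES (?, ?, ?)",
        (b"<ciphertext>", b"<ciphertext>", stand_in_index("ssn", ssn)["value"]))
    for label, plaintext in (("ssn", ssn), ("email", email)):
        idx = stand_in_index(label, plaintext)
        db.execute("INSERT INTO blind_indexes VALUES (?, ?, ?)",
                   (cur.lastrowid, idx["type"], idx["value"]))
    return cur.lastrowid

def find_flat(db, ssn):
    rows = db.execute("SELECT id FROM contacts WHERE ssn_idx = ?",
                      (stand_in_index("ssn", ssn)["value"],))
    return [r[0] for r in rows]

def find_typed(db, label, plaintext):
    idx = stand_in_index(label, plaintext)
    rows = db.execute(
        "SELECT contact_id FROM blind_indexes WHERE type = ? AND value = ?",
        (idx["type"], idx["value"]))
    return [r[0] for r in rows]
```

Because blind index values are truncated, either lookup returns candidate rows; decrypt them and compare before treating a match as exact.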

razvanioan commented 5 years ago

Thank you!

paragonie-scott commented 5 years ago

I've added this question to the documentation page to make sure the answer is easier to find: https://ciphersweet.paragonie.com/faq#typed-flat

razvanioan commented 5 years ago

Cool!

Thus I will search for a match of the type & value in the separate index table.

Another unclear thing is how best to establish index sizes, for example when there are multiple encrypted fields in the same table with different possible plainText lengths.

I've seen the planner, but couldn't understand exactly how to use it.