Cross-platform, searchable field-level database encryption
The purpose of this section is to aid the development of cross-platform libraries that speak the same protocols as CipherSweet and to accelerate third-party software security assessments.
- Key Hierarchy explains how each field gets its own encryption key, and how each blind index created on each field gets its own distinct key for calculating hashes.
- Packing explains how we pack multi-part messages together before passing them into a cryptographic function.
- Field-Level Encryption explains how each field is encrypted in CipherSweet. Knowledge of the Key Hierarchy is a pre-requisite to understanding the security consequences of this feature.
- Blind Indexing explains how blind indexes are constructed. Knowledge of the Key Hierarchy is a pre-requisite to understanding the security consequences of this feature.
File Encryption explains how the
EncryptedFileAPI was implemented, including the steps taken to resist TOCTOU attacks.