Use an encrypting filesystem rather than encrypt the index IMO. Here's the problem. Any encryption process that you could use for encoding short tokens that you can then search is easily broken (ask Adobe about that!).
Wildcards won't work. Consider that you've indexed (encrypted) running and run. Searching run* won't match running, unless the encryption is completely trivial. You _can_ (and I have) create a custom bit of code that will encrypt the _stored_ data but not the indexed data. That still makes it possible to pretty much reconstruct the document from the index. It's painful, but it can be done (Luke does this for instance). Basically, any scheme I've seen that allows robust searching doesn't really buy you much in the way of security, you're better off encrypting at the filesystem level. Best, Erick On Tue, Nov 19, 2013 at 6:35 AM, Vincent Sevel <v.se...@lombardodier.com>wrote: > Hi, > > I am looking for an option to use lucene with an encrypted index on disk. > I looked for some lucene encrypted directories and found few options: > > - https://issues.apache.org/jira/browse/LUCENE-2228 > > - https://code.google.com/p/lucenetransform/ > But they are old, or with no activity. > > I am wondering if there are recommended solutions in that space? > Thanks for helping, > vince > > ************************ DISCLAIMER ************************ > This message is intended only for use by the person to > whom it is addressed. It may contain information that is > privileged and confidential. Its content does not constitute > a formal commitment by Lombard Odier & Cie or any of its > branches or affiliates. If you are not the intended recipient > of this message, kindly notify the sender immediately and > destroy this message. Thank You. > ***************************************************************** >
