<If you use the System.Cryptography functions on a word, it _should_ remain
the same when you run it a second time. This means you could encrypt each
word, then do a search on the encrypted phrase. This way, you'd have a
Lucene index of encrypted words.>
Just wanted to say, that's a great idea -- at least as a last resort. <...
it _should_ remain the same when you run it a second time.> If it doesn't,
it's because the cryptography was bogus. The index would however become
much larger. This could be helped if you could store the encrypted words in
the native bye[] produced in encryption (perhaps chunk the array into
Int64s), but from my read of Lucene in Action, seems like they said
searching on types other than string isn't really supported (storage yes,
searching upon, no) ... but that could be wrong. Otherwise you'd need to
convert the encrypted byte[] into Base64. See this example which becomes
4xs larger ("a word" with 6 chars to a 24 char result; these are functions
from the library DotNetExtensions www.dotnetextensions.com):
string encrypted = "a word".EncryptToBase64("secret!"); //
"DY9oTzZkaTxbXmbSH/+SfA==", 24 chars
byte[] encryptedBytes = "a word".Encrypt("secret!"); //encryptedBytes is a
lot shorter at 16, but still 2 1/2x larger....
Nick
On Thu, Feb 25, 2010 at 4:41 PM, Trevor Watson <[email protected]>wrote:
>
> Just throwing ideas your way in general, If you use the
> System.Cryptography functions on a word, it _should_ remain the same when
> you run it a second time. This means you could encrypt each word, then do a
> search on the encrypted phrase. This way, you'd have a Lucene index of
> encrypted words.
>
> Then if you are using the Lucene index as the data store as well, you could
> potentially decrypt each field word by word as well.
>
>
> We have a program that temporarily stores data on a users computer using
> System.IO.IsolatedStorage. If you could decrypt the entire Lucene index
> each time the program starts, you could store it in there and access it (so
> long as the index isn't overly large so the start-up decrypt doesn't take
> too long).
>
> If the IsolatedStorage isn't working for a Lucene index you could create
> a RAM Disk or temporary disk on the drive to store the lucene index while
> accessing it, you could look at Dokan (dokan-dev.net) (there's a .NET
> wrapper for this) to create a temporary drive on your computer and decrypt
> the index into it.
>
> Trevor Watson
>
>
>
> On 2/25/2010 4:16 PM, Hans Merkl wrote:
>
>> Hi, I am working on a desktop app that will use Lucerne as search engine.
>> The app will be installed on the user's machine and the index will be
>> stored
>> on the local hard disk.
>>
>> The data is potentially confidential so I would like to protect the index
>> from unauthorized access. The data needs to be secure even when the user's
>> machine gets stolen.
>>
>> 2 approaches I have come up with so far:
>>
>> - Use Windows NTFS encryption. Should be secure unless the unauthorized
>> person knows how log in as the user that created the index.
>> - Use TrueCrypt. This should be very safe but it requires the installation
>> of TrueCrypt and administrative rights to install the encrypted drive.
>>
>> The application will be distributed to many users so I would like to keep
>> the installation as simple as possible.
>>
>> Does anybody have experience with this scenario? Right now I think the
>> easiest approach would be NTFS encryption. What do you think?
>>
>> Thanks!
>>
>>
>>
>>
>>
>
>
