It's been pointed out to me that you don't need a separate version column. More than likely you'll be encoding the encrypted value, and you can prefix that value with the version.
For example, ':' is not a valid Base64 character, so the encryption string could just be prefixed with the key version if you encode in Base64. On Tue, Feb 10, 2009 at 8:35 AM, Michael Gentry <[email protected]> wrote: > I updated the document. I tried to simplify the key protection stuff > (hopefully it makes a bit more sense) and added an example at the > bottom on how you might do a search and fetch using encrypted field > values. > > http://people.apache.org/~mgentry/Security_Manifesto.pdf > > > mrg >
