lucene-java-user mailing list archives

From: Grant Ingersoll
Subject: Re: Adding Encryption to lucene indexes
Date: Sun, 14 Aug 2011 11:51:12 GMT

You might try searching JIRA; I believe there is an issue in there that attempts to provide
an encrypted Directory implementation. You might also just use file system encryption.

On Aug 12, 2011, at 8:09 PM, Chris Zakian wrote:

> Hey, thanks for your reply Shaneal,
> I do have a person to consult with about the crypto code, it is just a
> matter of figuring out which streams to grab. So encrypting all of the
> write operations in IndexOutput (and DataOutput) and decrypting to
> plaintext in IndexInput on the way out should let me search normally,
> correct? In other words, when I do a query, will it also pass through
> the same classes so that there is still search functionality?
> On Fri, Aug 12, 2011 at 6:43 PM, Shaneal Manek wrote:
>> For starters, you probably shouldn't be writing your own crypto code
>> (unless you're a professional cryptographer, or your project has
>> access to one to audit your code). See, for example,
>> .
>> If you *have* to, you'll probably want to subclass the NIOFSDirectory
>> (and, more precisely, the IndexInput and IndexOutput streams).
>> A more reasonable approach might be to encrypt the underlying volume
>> the Lucene Index will be on with something like LVM. The details will,
>> of course, depend on the particulars of how/when you have access to
>> your key.
>> -Shaneal
>> On Fri, Aug 12, 2011 at 12:15 PM, Chris Zakian wrote:
>>> Hello,
>>> I am currently adding Lucene (in combination with Hibernate Search) to a
>>> medical record service. As such, I need to encrypt the indexes so that
>>> unauthorized people don't have access to them by bypassing the system's
>>> database security. I was wondering if anyone had a) implemented a security
>>> measure that encrypts the indexes or b) if I were to write my own
>>> encryption, what classes actually handle all the IO to and from the indexes.
>>> In particular, where would I get the Input/Output Streams in order to
>>> encrypt them.
>>> Thanks,
>>> Chris.
>>> GSOC intern with OpenMRS

Grant Ingersoll
