Return-Path: <java-user-return-63407-archive-asf-public=cust-asf.ponee.io@lucene.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id DD602200D50
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Mon,  4 Dec 2017 18:57:41 +0100 (CET)
Received: by cust-asf.ponee.io (Postfix)
	id DBDEB160BF9; Mon,  4 Dec 2017 17:57:41 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 2E030160BF7
	for <archive-asf-public@cust-asf.ponee.io>; Mon,  4 Dec 2017 18:57:41 +0100 (CET)
Received: (qmail 10544 invoked by uid 500); 4 Dec 2017 17:57:39 -0000
Mailing-List: contact java-user-help@lucene.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:java-user-help@lucene.apache.org>
List-Unsubscribe: <mailto:java-user-unsubscribe@lucene.apache.org>
List-Post: <mailto:java-user@lucene.apache.org>
List-Id: <java-user.lucene.apache.org>
Reply-To: java-user@lucene.apache.org
Delivered-To: mailing list java-user@lucene.apache.org
Received: (qmail 10532 invoked by uid 99); 4 Dec 2017 17:57:39 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 04 Dec 2017 17:57:39 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id DA1B1C5E9C
	for <java-user@lucene.apache.org>; Mon,  4 Dec 2017 17:57:38 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 1.879
X-Spam-Level: *
X-Spam-Status: No, score=1.879 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01,
	RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled
Authentication-Results: spamd1-us-west.apache.org (amavisd-new);
	dkim=pass (2048-bit key) header.d=gmail.com
Received: from mx1-lw-us.apache.org ([10.40.0.8])
	by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024)
	with ESMTP id CukBSjkZ_brx for <java-user@lucene.apache.org>;
	Mon,  4 Dec 2017 17:57:38 +0000 (UTC)
Received: from mail-lf0-f53.google.com (mail-lf0-f53.google.com [209.85.215.53])
	by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id E13685F307
	for <java-user@lucene.apache.org>; Mon,  4 Dec 2017 17:57:37 +0000 (UTC)
Received: by mail-lf0-f53.google.com with SMTP id j124so20191037lfg.2
        for <java-user@lucene.apache.org>; Mon, 04 Dec 2017 09:57:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:from:date:message-id:subject:to;
        bh=tDTEINYkGLRWxKHGy/j6TgM+rOufKVHZ8Bo5YKQwkQo=;
        b=khxbTlQqrwmbZskRNE1LRyrwYAbQeL+XK1qR5i8ORTfneQU+mp6E1dyYxBl4p9+e7r
         wmc0JgeEUl9jaX0I9af8YBmrFMjELNMj5qVywlA0NZS3Ju00itaiMKqqMWjrFKCfXUhE
         74pLhiaDNh0eunJklpSA+VeeINtKh4qHiC6QtEU7dQuOY21CSX8q9T5/ftl0ke6qH4ZL
         dVSdB7EN4r/kadWEOWxWLYz10PxfiTlJ7wQqdgiF3D1gUZkrvo06lm58kUTPMAWyWl7O
         he9k5kt5ewqbZjSdD4v8lxc3LTnR+MpTmfUu9B23q3GHdKr/5bNxhAeVhnGDK9fGhvGX
         g2pQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=tDTEINYkGLRWxKHGy/j6TgM+rOufKVHZ8Bo5YKQwkQo=;
        b=Ztss09WjQC0PJkt0584G/pZs2duk8NryJvflbjofMTx/PENCn03oUz/EBa5rDmvfxW
         nNw4UQr3vVGNkdS1X1r4+vzQeKetg0zRTcuSRoIK5VsQYlhnSxFtaU/FZi51nY6di859
         IJZOBD1RB4d+W/M0rcfhLpb52glvQpXvlYwvR+4R3/OP4F6CLFPPNlUNIi0LDEbrmCPd
         U4rI5NI0OPbW9cmgmiC3qTmn+RxTpzAzGsxsQ1vagUaaOmqsB6l5AJzkN/T7ycgHBLVT
         ycIRFtFrAb/9klZFuHb3VwHvhITeFv5oD5b0HW4z7YbJ/9+g4uKF8OFQ0tl7F4W4UFnL
         wWaQ==
X-Gm-Message-State: AJaThX5TVOrSF0UecLWrZqndu2yX3aTtQeFeNMpOU5Hs1UwtUgSOiKBE
	Bzs3MhBnKGckHApu0hFF7mSy3d/3FX3dwvPg35j8Ng==
X-Google-Smtp-Source: AGs4zMbVM2UUdbyXJkAjtxoNafObTZeiB6nfz2H4vgtQQbhc+Ow7NbpiAAlVwzxkwZyZf1wR2RBcMR/jdHq+V4sl2ac=
X-Received: by 10.46.80.76 with SMTP id v12mr9040584ljd.101.1512410256291;
 Mon, 04 Dec 2017 09:57:36 -0800 (PST)
MIME-Version: 1.0
Received: by 10.46.80.28 with HTTP; Mon, 4 Dec 2017 09:57:35 -0800 (PST)
From: aravinth thangasami <aravinththangasami@gmail.com>
Date: Mon, 4 Dec 2017 23:27:35 +0530
Message-ID: <CAMaX_Zj6Xt_MOBQWCpq5571-L7AMkGGs+N5iiMMvpbz7VshLRA@mail.gmail.com>
Subject: Encryption At Rest - Using CustomAnalyzer
To: java-user@lucene.apache.org
Content-Type: multipart/alternative; boundary="f403045fb5aa14c6a4055f877464"
archived-at: Mon, 04 Dec 2017 17:57:42 -0000

--f403045fb5aa14c6a4055f877464
Content-Type: text/plain; charset="UTF-8"

Hi all,

To support Encryption at Rest, We have written a custom analyzer, that
encrypts every token in the Input string and proceeds to the default
indexing chain

We are using AES/CTR/NoPadding with unique Key Per User.
This helps that the input string with common prefix, the encrypted strings
will also get common prefix
So that we can perform Prefix Query also.

For example,

run           x5X7
runs  x5X7tg==
running x5X7q/nE5g==


During searching, we will preprocess the query for encrypted Field before
searching
we can't do  WildCard & Fuzzy Query


Did anyone try this approach?
Please post your suggestions and your tried approaches


Thanks
Aravinth

--f403045fb5aa14c6a4055f877464--