带有数据表的Laravel:搜索加密的数据 [英] Laravel with datatables: searching encrypted data

问题描述

在使用Laravel的数据表时遇到了一个很大的问题.我有一个具有3个值的模型，该3个值由setter/getter自动加密(使用Crypt).

I have encountered a great issue while using Laravel's datatables. I have a model that has 3 values automatically encrypted (using Crypt) by setter/getter.

我正在使用数据表来渲染表:

I am using datatables to render a table by doing so:

    return datatables()->of(Patient::query())
        ->addColumn('name_surname', function($row){
            return $row->name.' '.$row->surname;
        })
        ->make(true);

有3种方法可以将模型传递给数据表:

There is 3 ways to pass a model to datatable:

1. 通过查询(患者:: query())
2. 按集合(Patient :: all())
3. 通过DB Facade

第三个不解密数据.查询是超快速的，但不允许搜索数据收集可用于所有内容，但速度极慢.(5-7秒/表抽奖).我也尝试过对其进行缓存，但是这并没有给我带来任何帮助

The third doesnt decrypt data. The query is ultrafast but doesnt allow searching through data Collection allows on everything but it's ultra slow. (5-7 seconds / table draw). I also tried caching it but it didnt bring any help to this to my suprise

如何在不影响性能下降的情况下搜索加密数据?

How can I possibly search through encrypted data without causing performance to drop so low?

顺便说一句.这就是Trait im用于setter加密和getter解密

Btw. That's the Trait im using for setter encryption and getter decryption

public function getAttribute($key)
{
    $value = parent::getAttribute($key);
    if (in_array($key, $this->encryptable)) {
        $value = Crypt::decrypt($value);
    } return $value;
}

public function setAttribute($key, $value)
{
    if (in_array($key, $this->encryptable)) {
        $value = Crypt::encrypt($value);
    }
    return parent::setAttribute($key, $value);
}

推荐答案

更新(2019-06-02):有一个实现此目的的独立库，称为CipherSweet .此外，正在开发Laravel适配器 .

Update (2019-06-02): There's a standalone library that implements this, called CipherSweet. Additionally, a Laravel adapter is in the works.

此问题已在标题为(适当)的博客文章中得到解答，

This has been answered in a blog post titled (appropriately), Building Searchable Encrypted Databases with PHP and SQL. You can expand upon its contents by asking yourself the following questions:

1. 我加密的数据有多敏感?
   • 如果人们的生命受到威胁，可能会受到严重影响:使用KDF作为盲指标.
   • 不太好:将HMAC用于盲索引.

• 从未发生冲突:使用完整的KDF/HMAC输出.
• 冲突好:截断(节省存储空间)，用作Bloom过滤器.

回答完这些问题后，将确保您的加密提供密文完整性(例如，libsodium的 crypto_secretbox()每条消息随机随机数)，并且将使用具有不同密钥的HMAC/PBKDF2可以生成明文的盲索引，以与密文(即单独的列)一起存储.

Once you have these questions answered, you're going to make sure your encryption provides ciphertext integrity (e.g. libsodium's crypto_secretbox() with a random nonce per message), and you're going to use HMAC/PBKDF2 with a different key to generate a blind index of the plaintext to store alongside the ciphertext (i.e. separate column).

代替查询密文，只需重建盲索引，然后解密结果即可.这为您提供了快速，可靠的搜索操作，同时仍提供了语义安全的数据加密.

Instead of querying for the ciphertext, just rebuild the blind index then decrypt the results. This gives you a fast, reliable search operation while still offering semantically-secure data encryption.

这篇关于带有数据表的Laravel:搜索加密的数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！