Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Case insensitive operations #10

Open
mdima opened this issue Mar 14, 2023 · 4 comments
Open

Case insensitive operations #10

mdima opened this issue Mar 14, 2023 · 4 comments

Comments

@mdima
Copy link

mdima commented Mar 14, 2023

Hello,
is there any way to perform a case insensitive operation on an encrypted field?

What I would like to execute is something like:
ClassName = ClassName.Where(CN => CN.Surname.ToLower().Contains(Value.ToLower()));

or even better:
ClassName = ClassName.Where(CN => CN.Surname.Contains(Value, StringComparison.OrdinalIgnoreCase));

or finally:
ClassName = ClassName.Where(CN => CN.Surname.IndexOf(Value, StringComparison.OrdinalIgnoreCase) >= 0);

At the moment I am converting everything to list, then performing the where on "client side".

Thanks,
Michele
@harrison314
Copy link
Owner

No, it is not possible, because encrypted fields can only be searched for an exact match. (Otherwise the encryption would be pointless. On the database side, all encrypted fields are stored as binary data.)

It is only going to make a case insenitive match so that the lowercase value is stored in the encrypted column.

@mdima
Copy link
Author

mdima commented Mar 14, 2023

Ok, clear. Need to understand how to combine this with a table with potentially million of records.

Thank you for your answer.

@harrison314
Copy link
Owner

Like this. If it is to be searched (substring, compare numbers,...) by column or indexed, it cannot be encrypted in the database.

If the column is encrypted with the option EncryptionMode.Deterministic, then it is possible to search it for an exact match. But that has its problems, for example, it is possible to statistically estimate what the individual values ​​mean. In this mode, I recommend encrypting unique data (eg. social security number).

If the column is encrypted with the option EncryptionMode.Randomized, it is not possible to search against that column. But the data stored in this way is resistant to statistical attacks.

@mdima
Copy link
Author

mdima commented Mar 15, 2023

The column is encrypted with the option EncryptionMode.Deterministic, the point is that I have two requirements:

  1. Encrypt the personal data (name and surname);
  2. Implement a user friendly search for name and surname... which means "contains with case insensitive".

I totally understand that this two requirements are not coherent, at least with the solutions available right now.

The point is that we have a lot of data in that table, at the moment the only way is to retrieve all the information from the DB (translate the entities to a list of entities) then search on the list, in stead of let SQLServer search for the records and return only the records that match.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mdima @harrison314