In MindLake, it is essential to encrypt all private data and store it as ciphertext. This ensures that only the data owner and authorized users can decrypt the data and access the plaintext.

Each specific combination of user, table, and column has a unique key that is used to encrypt and decrypt the data in that column. The column-specific keys are further protected by encrypting them with the user's account key. This ensures that only authorized users with access to the account key can access the column keys and decrypt the data.

1. encrypt() Method

This method is employed for encrypting data. When using the data with insertion, the target column must be specified. When the data is a constant value and utilized for querying, the appropriate data type should be specified.

mindlake.cryptor.encrypt(data, columnOrType: str|DataType) -> ResultType
# mindlake is an instance of MindLake

Parameters

1. data - any: the sensitive data to be encrypted.

2. columnOrType - str|DataType:

   • When employing this method for data insertion, the parameter must be designated as a column name in str format. This string representation serves to identify the target column for data insertion. To define the parameter, concatenate the table name and column name using a dot as the separator. The proper format for specifying a column is: "TableName.ColumnName".

   • When utilizing this method for querying and the data is a constant value, this parameter specifies the data type according to the MindLake.DataType enumeration.

Returns

An object of ResultType. For more information.

• data - str: the encrypted result is represented as a hex-formatted string.

Example

result = mindlake.cryptor.encrypt('secret data','tableName.columnName')
assert result, result.message
cipher = result.data

2. decrypt() Method

Decrypt the cipher data with the corresponding key. The decryption key is handled automatically by parsing the header info of the cipher data, without requiring the user to manually designate the key or the column.

mindlake.cryptor.decrypt(cipher: bytes|str) -> ResultType
# mindlake is an instance of MindLake

Parameters

1. cipher - bytes|str: the encrypted cipher, either in binary format or represented as a hex-formatted string starting with \x.

Returns

An object of ResultType. For more information.

• data - any: the decrypted result.

Example

result = mind.datalake.query("SELECT token FROM test_table_enc")
assert result, result.message
print(result.data['columnList'][0])
for row in result.data['data']:
    result = mind.cryptor.decrypt(row[0])
    assert result, result.message
    print(result.data)