MindLake.Cryptor

In MindLake, it is essential to encrypt all private data and store it as ciphertext. This ensures that only the data owner and authorized users can decrypt the data and access the plaintext.

Each specific combination of user, table, and column has a unique key that is used to encrypt and decrypt the data in that column. The column-specific keys are further protected by encrypting them with the user's account key. This ensures that only authorized users with access to the account key can access the column keys and decrypt the data.

1. encrypt() Method

This method encrypts data. When the encrypted value is to be inserted into a table, the target column must be specified. When the value is a constant used in a query, the appropriate data type should be specified instead.

await mindLake.cryptor.encrypt(data, column | dataType)

Parameters

  1. data - any: the sensitive data to be encrypted.

  2. column | dataType - string | MindLake.DataType:

    • When this method is used for data insertion, the parameter is a string that identifies the target column. Build it by concatenating the table name and the column name with a dot as the separator: "TableName.ColumnName".

    • When utilizing this method for querying and the data is a constant value, this parameter specifies the data type according to the MindLake.DataType enumeration.

Returns

An object of Promise<>. For more information.

  • result - string: the encrypted result is represented as a hex-formatted string.

Example

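// Encrypt a value for insertion into tableName.columnName.
const cryptor = mindLake.cryptor;
const result = await cryptor.encrypt('secret data', 'tableName.columnName');
// The hex-formatted ciphertext is in the result field.
const cipher = result.result;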

2. decrypt() Method

This method decrypts ciphertext with the corresponding key. The decryption key is selected automatically by parsing the header of the ciphertext, so the caller does not need to specify the key or the column.

await mindLake.cryptor.decrypt(cipher)

Parameters

  1. cipher - string: the ciphertext, represented as a hex-formatted string.

Returns

An object of Promise<>. For more information.

  • result - any: the decrypted result.

Example

// Runs inside an async function. Query an encrypted column.
const selectSql = `select name from wallet_balance`;
const res6 = await dataLake.query(selectSql);
if (res6.code !== 0) {
  console.error(res6.message);
  return;
}
// Decrypt each returned cell; no key or column has to be passed.
for (const row of res6.result.data) {
  for (const encryptData of row) {
    const decryptRes = await cryptor.decrypt(encryptData);
    console.log(decryptRes.result);
  }
}
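
The key hierarchy described in the introduction (one key per user, table and column, protected by the account key) and the header-based key lookup that decrypt() relies on can be modelled as follows. This is an added example, not MindLake code: AES-256-GCM, the 4-byte key-id header, the KeyStore class and the seal, unseal, modelEncrypt and modelDecrypt functions are all assumptions made for illustration, because this page does not specify MindLake's actual algorithms or cipher format.

```javascript
// Simplified model for illustration; NOT MindLake's real cipher format or algorithms.
const crypto = require('node:crypto');

// AES-256-GCM helpers. Assumed layout: iv(12) || tag(16) || ciphertext.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv).setAAD(aad);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]);
}
function unseal(key, blob, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAAD(aad).setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on wrong key or tampering
}

// Hypothetical store: column keys exist only wrapped under the account key,
// indexed by a 4-byte key id that is also used as the ciphertext header.
class KeyStore {
  constructor() { this.wrapped = new Map(); this.ids = new Map(); }
  // One key per (user, table, column) combination, created on first use.
  columnKeyId(accountKey, user, column) {
    const label = `${user}/${column}`;
    if (!this.ids.has(label)) {
      const id = crypto.randomBytes(4);
      this.wrapped.set(id.toString('hex'), seal(accountKey, crypto.randomBytes(32), id));
      this.ids.set(label, id);
    }
    return this.ids.get(label);
  }
}

function modelEncrypt(store, accountKey, user, column, data) {
  const header = store.columnKeyId(accountKey, user, column);
  const columnKey = unseal(accountKey, store.wrapped.get(header.toString('hex')), header);
  const sealed = seal(columnKey, Buffer.from(data, 'utf8'), header); // header bound as AAD
  return Buffer.concat([header, sealed]).toString('hex');
}

// The caller names no key or column: the header selects the wrapped column key.
function modelDecrypt(store, accountKey, cipherHex) {
  const blob = Buffer.from(cipherHex, 'hex');
  const header = blob.subarray(0, 4);
  const wrapped = store.wrapped.get(header.toString('hex'));
  if (!wrapped) throw new Error('unknown column key id in header');
  const columnKey = unseal(accountKey, wrapped, header);
  return unseal(columnKey, blob.subarray(4), header).toString('utf8');
}
```

In this model a party holding the stored ciphertext and the wrapped column keys, but not the account key, cannot recover the plaintext, and a modified header either matches no key or fails authentication.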
