custom-d / hashed-search
A hashed search package for adding a searchable hash to your encrypted database columns
Installs: 2 620
Dependents: 0
Suggesters: 0
Security: 0
Stars: 3
Watchers: 8
Forks: 2
Open Issues: 0
Requires
- php: ^8.1
- ext-intl: *
- illuminate/support: ^10.0|^11.0
Requires (Dev)
- orchestra/testbench: ^8.0|^9.0
- phpunit/phpunit: ^10.0
README
Package description: Package to allow hashing of encrypted data for searching
Installation
Install via composer
composer require custom-d/hashed-search
Publish package assets
php artisan vendor:publish --provider="CustomD\HashedSearch\ServiceProvider"
Usage
Eloqent Models
In your model add the use CustomD\HashedSearch\Contracts\HasSearchableHash;
trait and add a new property protected $searchableHash = ['bank_name'];
Eg:
<?php namespace App\Models; ... use CustomD\EloquentModelEncrypt\ModelEncryption; use CustomD\HashedSearch\Contracts\HasSearchableHash; class EncryptedModel extends Model { use ModelEncryption; use HasSearchableHash; protected $searchableHash = ['encryp_column_1','encypted_column_2']; ... }
Now on each save event, it will update the search hash for those columns.
To search:
EncryptdModel::searchHashedField('encryp_column_1','clear text here');
Manual usage
You can manually has items by running the follwing code:
\CustomD\HashedSearch\Facades\HashedSearch::create('string to hash');
Methods
the \CustomD\HashedSearch\Facades\HashedSearch
Class has the following methods
- create(string $value, string $saltModifier = "" ): ?string
- setSalt(string salt): SELF
- setTransliterator(string rule): SELF
- setHashes(?string $cypherA = null, ?string $cypherB = null): SELF
Security
An important consideration in searchable encryption is leakage, which is information an attacker can gain. Blind indexing leaks that rows have the same value. If you use this for a field like last name, an attacker can use frequency analysis to predict the values. In an active attack where an attacker can control the input values, they can learn which other values in the database match.
Here’s a great article on leakage in searchable encryption. Blind indexing has the same leakage as deterministic encryption.