This glossary explains concepts and terms used in CipherStash.
- CipherStash is a searchable encryption platform that allows you to encrypt sensitive data in your database, while maintaining the ability to query it.
- CipherStash Tandem is a proxy that intercepts SQL queries to your database, encrypting and decrypting sensitive data on the fly.
- This allows you to encrypt sensitive data in your database without having to change your application code.
- This also gives you a cryptographically-proven audit trail of all access of sensitive data.
Definition: An encrypted version of plaintext, produced by applying an encryption algorithm (a cipher). It is unreadable without a cipher to decrypt it.
Definition: A programmatic access point to a dataset. Each dataset can have multiple clients, but a client is associated with only one dataset.
Definition: The unique identifier of a client.
Definition: A secret key used to authenticate a client to CipherStash, used in conjunction with a client key.
Definition: A key used to authenticate a client to CipherStash, used alongside a client secret.
Definition: A storage unit for one or more database tables containing data for encryption. It includes configuration for encrypted columns and queryable indexes.
Definition: An encrypted data structure for finding records in encrypted columns. Essential for querying encrypted data, as it replaces the need for full table scans, improving performance.
Note: Encrypted indexes are a core feature of CipherStash, supporting range, exact, and match queries.
Definition: Unencrypted information, readable by humans and computers.
ORE (Order Revealing Encryption)
Definition: A searchable encryption technique allowing for search, comparison, and sorting of encrypted data without decryption.
Definition: An encryption mode in CipherStash where a field's value is duplicated in plaintext and encrypted columns, with queries only made on the plaintext column.
Definition: An encryption mode in CipherStash where a field's value is duplicated in plaintext and encrypted columns, with reads and decryption from the encrypted column, and queries on encrypted indexes.
Definition: An encryption mode in CipherStash where a field's value is only in encrypted columns, with both reads and queries performed on these encrypted elements.