CipherStash Glossary

This glossary explains concepts and terms used in CipherStash.


Concepts

  • CipherStash is a searchable encryption platform that allows you to encrypt sensitive data in your database, while maintaining the ability to query it.
  • CipherStash Tandem is a proxy that intercepts SQL queries to your database, encrypting and decrypting sensitive data on the fly.
    • This allows you to encrypt sensitive data in your database without having to change your application code.
    • This also gives you a cryptographically proven audit trail of all access to sensitive data.

Terms

Ciphertext

Definition: An encrypted version of plaintext, produced by applying an encryption algorithm (a cipher). It is unreadable without the key needed to decrypt it.
Related: Plaintext

Client

Definition: A programmatic access point to a dataset. Each dataset can have multiple clients, but a client is associated with only one dataset.

Client ID

Definition: The unique identifier of a client.

Client Secret

Definition: A secret key used to authenticate a client to CipherStash, used in conjunction with a client key.

Client Key

Definition: A key used to authenticate a client to CipherStash, used alongside a client secret.

Dataset

Definition: A storage unit for one or more database tables containing data to be encrypted. It includes configuration for encrypted columns and queryable indexes.

Index

Definition: An encrypted data structure for finding records in encrypted columns. It is essential for querying encrypted data because it removes the need for full table scans, which improves performance.
Note: Encrypted indexes are a core feature of CipherStash, supporting range, exact, and match queries.

Plaintext

Definition: Unencrypted information, readable by humans and computers.

ORE (Order Revealing Encryption)

Definition: A searchable encryption technique allowing for search, comparison, and sorting of encrypted data without decryption.

plaintext-duplicate Mode

Definition: An encryption mode in CipherStash where a field's value is stored in both a plaintext column and an encrypted column, with queries made only on the plaintext column.

encrypted-duplicate Mode

Definition: An encryption mode in CipherStash where a field's value is stored in both a plaintext column and an encrypted column, with reads and decryption served from the encrypted column and queries run on encrypted indexes.

encrypted Mode

Definition: An encryption mode in CipherStash where a field's value is stored only in encrypted columns, with both reads and queries performed on these encrypted elements.
