cossacklabs/acra

[ISSUE]Reducing overhead

devendermishra opened this issue · 3 comments

Describe the query
For acrablock mode, there is additional overhead of 138 bytes. Is there any way to reduce this overhead?

To Reproduce
NA

Expected behavior
NA

Acra configuration files
NA

Environment (please complete the following information):
NA

Additional context
NA

Depends on what you actually want. If you want to decrease overhead in one type of storage and are okay with moving this overhead, you can use tokenization. It's another security control that uses tokenization + encryption under the hood. Data in the database will have the same size, but the ciphertext will be stored in another storage, the token DB (open-source Acra supports in-memory storage, BoltDB, Redis).
If your goal is to decrease storage space, then there is only one approach: write your own envelope for encrypted data in Acra. AcraBlock is one of the types of envelopes. AcraStruct is another. They use Themis as the crypto library, with its own containers for ciphertext, and wrap them with their own.
Both these approaches are about the open-source version of Acra. You can extend it for your needs as you want, and we designed the crypto envelope with the goal of being able to extend it easily.

Additionally, you can look at AcraEnterprise and discuss improvements and extensions for your case.

@Lagovas Thanks. I think for the envelope, you want to point to a different link. It is pointing to tokenization. Can you provide me the exact link to the documentation for writing your own envelope?

Oh, sorry. This is the link I wanted to mention. We don't have detailed instructions on how to write your own envelope, only a high-level description like this. But you can find out how to do it in the source code:

So, adding your own new method of encryption looks like this:

  • implement the ContainerHandler interface somewhere in the crypto package
  • update the InitRegistry function and add registration of your own handler

All the other stuff will serialize/deserialize and support your own Handler ID() in the encryptor_config file. For example, if you implement a handler that returns super_crypto from ID() and register it in InitRegistry, then you can specify it in encryptor_config as the value of crypto_envelope.
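
The two steps above, sketched as an added example (not code from the Acra project or from this thread). The `Handler` interface and `registry` map are simplified stand-ins assumed for illustration, not Acra's actual ContainerHandler or InitRegistry, and the AES-256-GCM layout with a 2-byte signature is a constructed choice that costs 30 bytes per value.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type Handler interface { // stand-in for this example, not Acra's ContainerHandler
	ID() string
	Encrypt(plaintext []byte) ([]byte, error)
	Decrypt(envelope []byte) ([]byte, error)
}

var registry = map[string]Handler{} // stand-in for InitRegistry: crypto_envelope value -> handler
const magic = "\xC0\x01"            // constructed 2-byte signature marking this envelope type
type compact struct{ aead cipher.AEAD } // layout: magic || nonce || ciphertext+tag
func (compact) ID() string { return "super_crypto" }

func NewCompact(key []byte) (Handler, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return compact{aead}, err
}

func (c compact) Encrypt(pt []byte) ([]byte, error) {
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return c.aead.Seal(append([]byte(magic), nonce...), nonce, pt, []byte(magic)), nil
}

func (c compact) Decrypt(env []byte) ([]byte, error) {
	n := len(magic) + c.aead.NonceSize()
	if len(env) < n+c.aead.Overhead() || string(env[:len(magic)]) != magic {
		return nil, fmt.Errorf("not a %s envelope", c.ID())
	}
	return c.aead.Open(nil, env[len(magic):n], env[n:], []byte(magic))
}

func main() {
	registry["super_crypto"], _ = NewCompact(make([]byte, 32)) // constructed all-zero demo key; 32 bytes cannot fail
	env, err := registry["super_crypto"].Encrypt(make([]byte, 16))
	fmt.Println("overhead bytes:", len(env)-16, err) // 2 magic + 12 nonce + 16 tag
}
```

Encrypting every value directly under one key with random 96-bit nonces limits how many values that key may protect (NIST SP 800-38D caps it at 2^32 invocations), so a layout this small trades key-management headroom for size.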