My two cents worth of comment, For our local lucene indexes we use AES encryption. We encrypt the blocks on the way out, decrypt on the way in. We are using a C version of lucene, not the java version. But, I suspect the same methodology could be applied. This assumes the data at rest is the attack vector for discovering what is in the invertible index. But allows for the indexing/querying to be done in the clear. This would allow for stemming and the like.
If you have an attack vector in which the indexing/querying are not trusted, then you have a whole different set of problems. To do stemming, you need a homomorphic encryption scheme which would allow per character/byte queries. This is different type of attack vector than the on-disk encryption. To me, this implies the query system itself is untrusted and you are indexing/querying encrypted content. The first "thing" people are going to try is to hash a token into a 256bit value which becomes the indexable token value. This leads to the lack of stemming from above comments. Depending on how keys are handled and hashes are generated you can run out of token space in the various underlying lucene indexes because you have more than 2 million tokens. On Tue, Jun 25, 2019 at 10:21 AM Ahuja, Sakshi <ahuj...@upmc.edu> wrote: > I am actually looking for the best option so currently doing research on > it. > For Window's FS encryption I didn't find a way to use different > Username/Password. It by default takes window's username/password to > encrypt and decrypt. > > I tried bitlocker too for creating encrypted virtual directory (Which > allows me to use different credentials) and to keep Solr Index in that but > somehow Solr Admin was unable to access Index from that encrypted > directory. Not sure how that is working. > > If you have any idea on that- will wok for me. Thanks! > > -----Original Message----- > From: Jörn Franke <jornfra...@gmail.com> > Sent: Tuesday, June 25, 2019 12:47 PM > To: solr-user@lucene.apache.org > Subject: Re: Encrypting Solr Index > > Why does FS encryption does not serve your use case? > > Can’t you apply it also for backups etc? > > > Am 25.06.2019 um 17:32 schrieb Ahuja, Sakshi <ahuj...@upmc.edu>: > > > > Hi, > > > > I am using solr 6.6 and want to encrypt index for security reasons. I > have tried Windows FS encryption option that works but want to know if solr > has some inbuilt feature to encrypt index or any good way to encrypt solr > index? > > > > Thanks, > > Sakshi >
