Why not store a hash of your data alongside the data? If the data is
tampered with, you'll know cause the hash doesn't match. Of course, that
would require that your hash secret isn't stolen along with your data -
which would mean the key should originate from a different identity (say if
it is a particular user's data, the key should live with the user, and
never be transmitted to the server).
On Tuesday, April 2, 2013 6:14:11 AM UTC-7, cocowalla wrote:
Actually, I was more thinking of cryptographic signatures or keyed hashing
(HMAC), rather than encryption?
I will look into doing encryption at the filesystem level though, thanks.
On Monday, April 1, 2013 10:54:39 PM UTC+1, ppearcy wrote:
I don't believe Lucene or elasticsearch provide this. This article has
Likely the best you can do is encrypt at the filesystem level and have
all communication pass over a secure connection.
I believe Lucene 4.0+ has some codec stuff exposed that you might be able
to hook into via a plugin in ES, but am really not sure if that is
On Monday, April 1, 2013 12:48:22 PM UTC-6, cocowalla wrote:
Is it possible to make data in Elasticsearch indices tamper-proof? For
example, does it have the capability to cryptographically sign blocks of
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to email@example.com.
For more options, visit https://groups.google.com/groups/opt_out.