We have a requirement to encrypt a string and see if the encrypted string already exists in a database.

If we use AES-GCM the same unencrypted data results in a different encrypted string each time. This renders the matching useless.

Is there a way using Java to remove the signature from the signed cipher text to reveal a cipher text that we can match on?

s.k
  • If it is possible, use any hash algorithm which always produces the same hash value when the data is not different, and it is still unreadable for others too. – BDRSuite Apr 20 '15 at 04:31
  • Good idea. Our initial implementation long ago used a hash. Unfortunately the data has to be stored. So we would have to store both the hash and the encrypted data. Also, for what we need, hashing the original data provides a mathematical link to the original. A combination of the mathematical link and compliance constraints means hashing is not possible. – s.k Apr 23 '15 at 03:56

1 Answer

The signature isn't the problem. Like most modern encryption modes, AES-GCM uses an initialization vector; secure implementations will generate an IV randomly. Since the IV is chosen differently each time, it follows that the encrypted data will be different as well.

Depending on your requirements, you will need to either force the IV to a constant value, or use a different encryption mode. (It may not be necessary to encrypt the data at all; if the only task that needs to be supported is lookup, a cryptographic hash function may be more appropriate!)

  • So we looked at this and you are quite right. Unfortunately we cannot set the IV on the tool set that we were using. So we changed the tool and are happily en/decrypting and matching now. Thank you. – s.k Apr 23 '15 at 03:58
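
An added example (not code from the question or the answer) of the answer's two points: a random IV makes AES-GCM output differ for identical plaintext, while a keyed hash gives a stable value to match on. The class name, the choice of HMAC-SHA256 as the keyed hash, the separate MAC key and the sample value are assumptions made for the illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

// Hypothetical demo class: encrypted storage plus a deterministic lookup value.
public class GcmLookupDemo {
    static final SecureRandom RNG = new SecureRandom();

    static byte[] randomBytes(int n) {
        byte[] b = new byte[n];
        RNG.nextBytes(b);
        return b;
    }

    // AES-GCM with a fresh Cipher per call. Returns IV || ciphertext || 16-byte tag.
    static byte[] encrypt(byte[] key, byte[] iv, byte[] plaintext) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Deterministic keyed hash (HMAC-SHA256, an assumption) for an indexed lookup column.
    static String lookupTag(byte[] macKey, byte[] plaintext) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(macKey, "HmacSHA256"));
        return Base64.getEncoder().encodeToString(mac.doFinal(plaintext));
    }

    public static void main(String[] args) throws Exception {
        byte[] encKey = randomBytes(32), macKey = randomBytes(32); // constructed demo keys
        byte[] value = "alice@example.com".getBytes(StandardCharsets.UTF_8); // constructed sample

        // Random 96-bit IV per record: same key and plaintext, different stored bytes.
        byte[] a = encrypt(encKey, randomBytes(12), value);
        byte[] b = encrypt(encKey, randomBytes(12), value);
        System.out.println("random IV, stored values equal: " + Arrays.equals(a, b));

        // The lookup tag does not depend on the IV, so it repeats for the same plaintext.
        String t1 = lookupTag(macKey, value), t2 = lookupTag(macKey, value);
        System.out.println("lookup tags equal: " + t1.equals(t2));
    }
}
```

The tag is keyed, so it cannot be recomputed from guessed plaintext without the MAC key, but equal plaintexts still produce equal tags, which is the property the lookup relies on.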