Personalized JSON Encryptions

JSON is a very common data type used for storing data or transmitting it between applications or servers. It features a collection of key-value pair; the key labels the data and serves as its name, the value represents the raw data.

Encrypting a JSON

1. Full Encryption

The entire JSON (be it a stream of data or file) will be encrypted. The encrypted result will be fully unreadable.

2. Key-Value Pair Encryption

Instead, of encrypting the entire JSON. There is the possibility of:

Parsing the JSON
Determining critical data to be encrypted identified by the corresponding keys
Encrypting the value from the selected key-value pairs

With this, part of the JSON is still readable while the sensitive parts are protected. Additionally, this optimizes the encryption process of the JSON, leading to much faster encryptions and decryptions.

JSON Encryption with PQVault

PQVault provides you options to encrypt specific key-value pairs in a JSON depending on the:

You can specify one or more fields to encrypt by inputting the exact field name or name patterns with wildcards (represented as *). For example, giving in private will encrypt any field with private as its name.

On the other hand, inputting personal* will encrypt any field with the name prefixed as personal.

Data in a JSON is typically categorized into sub-groups by using nested objects. To simplify the encryption of these groups, PQVault also offers to encrypt JSON based on the field path. You can specify an exact pointer to the path or a pattern (regex) for multiple paths.

For example, inputting the pointer private/address will only encrypt the value of address in the object private.

On the other hand, inputting the regex private/contact_number_\d+ will encrypt the value of the matched path e.g. contact_number_1, contact_number_2, etc. under the object private.

To start encrypting JSONs, just follow the steps below:

Create share(s) and assign them policies according to who is able to decrypt and access the encrypted fields
Specify which fields you would want to encrypt according to the field names or field path
Use the encryption endpoint to encrypt the JSON

With specific confidential fields in a JSON encrypted, you do not need to worry about sharing your JSON. You can give authorized parties access to those confidential fields, while others can have access to the unencrypted parts. Compared to encrypting an entire JSON, you do not need to decrypt the complete JSON at a trusted node viewing all data. You further avoid complex mechanisms of permission handling such that different groups can access different parts of your JSON data.

  
{
    "id" : 112233
    "name": "Max Thomas",
    "personal_details": {
        "date_of_birth": "01/01/1998",
        "address": "Maxstr. 1, 12345 City",
        "contact_number": "+4911223344"
    },
    "billing_details": {
        "plan": "Premium",
        "iban": "DE1002123450000"
    }
}

Field name iban is being specified for encryption

  
{
    "id" : 112233
    "name": "Max Thomas",
    "personal_details": {
        "date_of_birth": "01/01/1998",
        "address": "Maxstr. 1, 12345 City",
        "contact_number": "+4911223344"
    },
    "billing_details": {
        "plan": "Premium",
        "iban": "{ENCRYPTED}"
    }
}

Fields within personal_details is matched by using regex e.g. personal_details/\w+.

  
{
    "id" : 112233
    "name": "Max Thomas",
    "personal_details": {
        "date_of_birth": "{ENCRYPTED},
        "address": "{ENCRYPTED},
        "contact_number": "{ENCRYPTED}"
    },
    "billing_details": {
        "plan": "Premium",
        "iban": "{ENCRYPTED}"
    }
}