How can I search my encrypted database records?

Question

I'm building an application in which the database records are encrypted. All the user can see is "content" and "line":

The user can see the line # but the content is encrypted.

While I like the security this offers, it makes it extremely hard to search. If I want to search the records for a specific sub-string, I have to pull all records and decrypt each one one-by-one checking for matches (and I want to return all records that match, so I can't just stop at the first match).

It's especially problematic in my case because I'm using Firebase's free tier which only allows 5000 reads (that's 5000 records) a day. My entire data set is just over 3000 records, so after 1 search, I'm done for the day.

Encrypting database records is a common thing, and so is searching database records for matching sub-strings, so I can't imagine I'm the first to run into this problem. So my question is: how is this problem usually solved?

Answer 1

To allow searching the encrypted data, you'll need to encrypt the search term in the same way that you encrypted the data. If you do that correctly, you'll end up with a search term of "bHbUwMVV72R... and can then use that to match the string in your database.

But Firestore can't search for a substring, so even with this encrypted search term you can only do full (==) and prefix (>= and <=) matches. For more on this see:

• Flutter: Search through text data from Firestore
• Google Firestore: Query on substring of a property value (text search)
• Firestore query documents startsWith a string