SecureField™ is a field-level encryption capability providing an extra layer of data protection for your customer PII (Personally Identifiable Information) data, and any other important, personal, private information which must not fall into unauthorized hands.
When combined with secure web application practices, database encryption, and end-to-end SSL, SecureField™ technology is another layer of protection for critical content.
SecureField™ is a Java technology from Starter Inc. which allows you to define automatic encryption and decryption for a data field by using a Java annotation in your code.
The encryption algorithm is implemented with Java JCE using a SHA256 key and the following Cipher implementation:
public static String CIPHER_NAME = "AES/CBC/PKCS5PADDING";
For the full source code please see: SecureEncrypter
When compiling your project, Starter StackGen uses Aspect Oriented Technology to scan your codebase for @SecureField annotations -- and when it finds them, wraps all field access in automatic encryption and decryption capability.
- Enabling secure encryption for a field on a Java Object is as simple as adding the @SecureField annotation to the field
- Java classes do not need to have any encryption or security awareness or methods
- Any POJO class can use @SecureField and there is no need to implement methods, interfaces or subclasses
- Encryption and decryption are transparent to your client code -- automatically encrypting the field value when it is set, and decrypting when the field value is accessed
- SecureField™ values are encrypted in memory and only decrypted upon access by valid calling code -- hackers leveraging stack dumps and memory inspection will see only ciphertext values
- encrypted data fields cannot be searched in databases
- there is a small performance cost to each encryption/decryption call (~1-3 milliseconds typically)
- caching cleartext in any way can defeat your encryption security or create a vulnerability
- encrypted data can ONLY be recovered with the same key that it was encrypted with
- applying the encryption aspects adds an additional finicky step to the StackGen build process
Encrypted data can ONLY be recovered with the same key that it was encrypted with. Do NOT lose your encryption key!
import io.starter.ignite.secure.SecureField; ... // Starter StackGen Annotations @io.starter.ignite.security.securefield.SecureField(enabled=true) protected String accountNumber = null;
In the rare case you might need to access ciphertext of a SecureField™ at runtime, you can easily use Java Reflection to access the ciphertext values without triggering decryption by the Aspect.
import io.starter.ignite.secure.SecureField; ... @SecureField() private String ssn = ""; // social security number