Search Request -> SHA1(Data) -> Do Search Query

Yo everyone, I am fairly new to MongoDB & loving it so far, however I do need some advice on how to achieve something so I can go full force with using this DB.

So TL;DR - I am working on a TCG, & each card has a private & public key. I need to generate the public key server side using SHA1.

So the public key is stored in the DB & is public to all, but the public key is generated using the private key, this helps protect ownership. But what I am looking to do is modify the MongoDB search query process where a search is, instead of being performed on

db.test.find( { "key": "private_key" } )

on the server side of things, it’d perform

db.test.find( { "key": SHA1("private_key"+"hash") } )

this way the hash is only known to the server & there is one added layer of security for the user in terms of protecting their card ownership. Of course you see the issue of calculating this public key locally, because this adds no obfuscation, if the server is just expecting a public key, any user can look up any card on the publicly available card db & spoof any card they desire.

Of course, if a user gets access to a private key they don’t own, be it through nefarious means, or borrowing a friend’s key, or past ownership, it’s possible for them to spoof, but I have extra security measures in place that are probably beyond the scope of this thread.

What advice do you have for me? As it stands, based on my experience I’d do some convoluted process in which I’d host a server, send the request to the server, have the server do the encryption, & then do the query & then send it back to the user, but MongoDB seems powerful enough to have some workaround for this.

Thanks for your time!
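
The server-side lookup described in the question, sketched as an added example that is not part of the original thread: the client submits the private key, the server derives SHA1(private_key + secret) and queries on the result. `SERVER_SECRET`, the function names, the card data and the in-memory array standing in for the `test` collection are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Assumption: the server-only secret (the "hash" suffix in the post).
// Constructed value; in practice it is loaded from server configuration.
const SERVER_SECRET = "constructed-server-secret";

// The post's construction: SHA1(private_key + secret), hex-encoded.
function deriveLookupKey(privateKey) {
  // Reject non-string input (e.g. a parsed JSON object) rather than
  // hashing its string coercion.
  if (typeof privateKey !== "string" || privateKey.length === 0) {
    throw new TypeError("private key must be a non-empty string");
  }
  return crypto
    .createHash("sha1")
    .update(privateKey + SERVER_SECRET, "utf8")
    .digest("hex");
}

// Builds the filter that would be passed to db.test.find(...).
// The value of "key" is always a 40-character hex string computed here,
// never a value taken directly from the request.
function buildFilter(privateKey) {
  return { key: deriveLookupKey(privateKey) };
}

// Constructed stand-in for the collection: only derived (public) keys are stored.
const cards = [
  { name: "Card A", key: deriveLookupKey("priv-A") },
  { name: "Card B", key: deriveLookupKey("priv-B") },
];

// Stand-in for find(): exact match on "key".
function findCard(privateKey) {
  const filter = buildFilter(privateKey);
  return cards.find((c) => c.key === filter.key) || null;
}
```

Submitting a stored public key to `findCard` returns `null`, because the server hashes whatever it receives before matching.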

Hi @jabril_Ashe ,

Maybe I do not fully understand the entire use case but I guess you can actually benefit from our client side encryption features:

This way you can encrypt data and therefore don’t need to use this hashing pattern to secure data…

Let me know if that makes sense.

Thanks
Pavel
