Question: how to use for db field encryption

[99hops]

What should one do in order to use this library to encrypt and store the value in database column securely.

What I am thinking about is the extra information that has to be kept in order to decrypt: $IV and $T (say $A is always the same) as they have to be stored somewhere for each individual row/field.

I can concat them like $C:$IV:$T and store them like that but would this defeat their point as whey will be available as part of the ecrypted value stored?

If so how should this be done in the context of db storage?

Thanks in advance!

[afk11]

@nforced good questions but I think you need a cryptographer to answer this to be certain about what it means for your setup + threat model. Not that I'm qualified to help.. but try attacking your design by doing weird stuff: eg: what would happen if someone swapped two rows in the database? Sorry if this seems naggy, just want to make sure you consider everything before moving forward with a solution :)

But FWIW, I've concat'd them all up like that before. C, IV, and T are all required to decrypt, but without K, the only thing an attacker learns about the plaintext is the length (GCM is a stream cipher)