I'm using one of the latest versions of Neo4j Enterprise (5.26.1) with the related APOC (5.26.2).
In the previous versions (4.x) there were two useful APOC functions:
WITH 'my-secret-key' AS key, 'Sensitive Data' AS plaintext
CALL apoc.crypto.encrypt(plaintext, key, 'AES') YIELD value
RETURN value AS encrypted_text;
with its counterpart apoc.crypto.decrypt.
Now, with the current 5.26.2 APOC version, those functions have disappeared.
Do you know what has happened and how I can obtain the same old-fashioned result?
Thanks
Ciao @glilienfield
I can't find that pair of procedures in the APOC documentation. Which version were you using that had those procedures?
I cannot remember: I no longer have that DB.
But what I'm trying to do is find a way to encrypt and decrypt data using a pair of public and private keys.
In APOC there were (maybe) some functions to encrypt with AES, but I need to invert the encryption, so for me it's fundamental to encrypt/decrypt with 2 keys.
AFAYK, is there any way to solve this problem in neo4j?
Or have any alternative ways to obtain the same results?
I wouldn't recommend flattening security to Neo4j - whatever programming language you are using above Cypher should be the one providing your encryption (Python, Java, etc).
That way your keys would be stored safely (otherwise you have to put them in your queries or inside a node for anyone to see ...).
I agree with you:
my goal, to be GDPR compliant, is to store the public and private keys in a safe store (like AWS or Google), then return them (just one at a time, depending on whether you are in the encryption or decryption phase) directly from Cypher (maybe adding some Java extension if needed) and use them to encrypt/decrypt data.
In my head, I'd need 3 things:
- an APOC call to retrieve the required key from the safe, like call apoc.downloadKey(keyRef) :: [publicKey | privateKey]
- an APOC function like call apoc.encrypt (originalValue, publicKey) :: encryptedValue
- an APOC function like call apoc.decrypt (EncryptedValue, privateKey) :: originalValue
Of course, these functions must be assigned to an encrypt/decrypt role to be executed.
What do you think?
I think you need to clarify the architecture: is your entire solution just a set of Neo4j queries/stored procedures?
Well, I'd like to squeeze out of Cypher everything I can.
The rest (the minimum) will be written in Node.js or Python.
Then, I would suggest that your encryption go to Node.js or Python ...
You want your data infrastructure (Neo4j) to be fast and simple to decouple from the logic layer (Python). Adding encrypt/decrypt will slow down your servers.
Well, Josh, I agree with you that this would be the right option, also because it seems that Neo4j has nothing to offer.
Thank you
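
The application-layer approach the thread settles on, sketched in Node.js as an added example (not code from any poster, Neo4j or APOC): each value is encrypted with a fresh AES-256-GCM key, and that key is wrapped with the RSA public key, so only the holder of the private key can read the property. The key pair generated here is a constructed stand-in for keys fetched from an external key store, and the `Person` label, `emailEnc` property and function names are hypothetical.

```javascript
// Added example: envelope encryption in the application layer, so Neo4j only
// ever receives ciphertext and no key appears in a query or in a node.
const crypto = require('node:crypto');

// Constructed stand-in for the key store: writers would fetch only the public
// key, the decrypting service only the private key.
function generateDemoKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Encrypt one field value into a single string that fits in a node property.
function encryptField(plaintext, publicKey) {
  const dataKey = crypto.randomBytes(32);   // fresh AES-256 key per value
  const iv = crypto.randomBytes(12);        // 96-bit GCM nonce
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  // Only the small data key goes through RSA; the value itself can be any size.
  const wrapped = crypto.publicEncrypt({ key: publicKey, ...OAEP }, dataKey);
  return [wrapped, iv, tag, ct].map((b) => b.toString('base64')).join('.');
}

// Reverse of encryptField; throws if any part of the envelope was modified.
function decryptField(envelope, privateKey) {
  const [wrapped, iv, tag, ct] = envelope.split('.').map((s) => Buffer.from(s, 'base64'));
  const dataKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
  const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Build a parameterised write (hypothetical label and property names). The
// result can be passed to a driver call such as session.run(query, params).
function buildEncryptedWrite(personId, email, publicKey) {
  return {
    query: 'MATCH (p:Person {id: $id}) SET p.emailEnc = $enc',
    params: { id: personId, enc: encryptField(email, publicKey) },
  };
}
```

Because the data key and nonce are random per value, encrypting the same plaintext twice yields different ciphertexts, so the encrypted property cannot be used for equality lookups in Cypher.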