I'm planning to use encryption to keep sensitive data of my users secure in sqlite3. While thinking of an approach, I'm considering storing all the sensitive date in a single table field as an encrypted JSON object. I will be using iron-session, but using their seal and unseal methods for this which bypasses the cookie sessions.
One concern I have is whether this would add significant amounts of overhead in processing, memory, and additional database writes. I can't find much about this issue, so I'm asking the community.
I am using Nodejs with better-sqlite3 for database calls. I haven't written the code yet, so here's the anticipated flow of handling routes that access this encrypted data.
How the field may look unencrypted:
{
firstName: "Tito",
lastName: "Puente",
address: "580 Park Avenue, New York, NY 10036",
email: [email protected] //etc
}
Getting encrypted data.
1) better-sqlite to get encrypted string from database.
2) unseal with iron-session
3) unpack data from JSON and populate the res object.
Changing a field.
1) get encrypted field from DB.
2) unseal
3) assemble a new json object with all old information and the new updates.
4) seal
5) overwrite the same field on the database.
I would use a separate password for database encryption, so other encryption passwords can be rotated.
What performance differences would this model above have compared to a more horizontal approach with each field being its own encrypted value?