How do i go about encrypting data before saving to stable memory

I wanna encrypt all user data and store the encrypted data to stable memory so that users can be confident that the data is only visible by the user who owns said data. Does anyone have an example that they can link me to where this encryption is achieved?

1 Like

I think at the moment you can either:

  1. Encrypt the data before it reaches the IC so that the key isn’t at risk of being compromised (e.g. by a node provider)
  2. Encrypt the data in a canister, with the above caveat about exposing the keys
  3. Wait for Threshold Key Derivation - Privacy on the IC

Option 2 clearly isn’t secure, for the reason you state under 1: any node can see both the unencrypted data sent in and the key.

1 Like

Option 3 it is! Thanks @paulyoung