From fe309bc1e3adff2630d4da85303108670f3a0e6b Mon Sep 17 00:00:00 2001
From: Mathis HERRIOT <197931332+0x485254@users.noreply.github.com>
Date: Thu, 8 Jan 2026 15:25:40 +0100
Subject: [PATCH] feat: add hashing methods for email and IP in CryptoService
 for blind indexing

Introduced `hashEmail` and `hashIp` methods to enable searching on encrypted data. Added support to retrieve PGP encryption key from configuration.
---
 backend/src/crypto/crypto.service.ts | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/backend/src/crypto/crypto.service.ts b/backend/src/crypto/crypto.service.ts
index 50e96b5..a68ab2e 100644
--- a/backend/src/crypto/crypto.service.ts
+++ b/backend/src/crypto/crypto.service.ts
@@ -34,6 +34,31 @@ export class CryptoService {
 		);
 	}
 
+	// --- Blind Indexing (for search on encrypted data) ---
+
+	async hashEmail(email: string): Promise<string> {
+		const normalizedEmail = email.toLowerCase().trim();
+		const data = new TextEncoder().encode(normalizedEmail);
+		const hashBuffer = await crypto.subtle.digest("SHA-256", data);
+		return Array.from(new Uint8Array(hashBuffer))
+			.map((b) => b.toString(16).padStart(2, "0"))
+			.join("");
+	}
+
+	async hashIp(ip: string): Promise<string> {
+		const data = new TextEncoder().encode(ip);
+		const hashBuffer = await crypto.subtle.digest("SHA-256", data);
+		return Array.from(new Uint8Array(hashBuffer))
+			.map((b) => b.toString(16).padStart(2, "0"))
+			.join("");
+	}
+
+	getPgpEncryptionKey(): string {
+		return (
+			this.configService.get<string>("PGP_ENCRYPTION_KEY") || "default-pgp-key"
+		);
+	}
+
 	// --- Argon2 Hashing ---
 
 	async hashPassword(password: string): Promise<string> {