Retrieving an encrypted value when presented with the plaintext


I am required to use AES 256 CBC to encrypt some strings before I store them in a relational database. I prepend the ciphertext with the IV that was used. The plaintext is a unique string (what I call the "key") that has a one-to-one relationship with users in my application.

The problem is that when a user does something, they send the plaintext key and I have to go retrieve any metadata associated with it (such as the user's ID, permissions, etc.). But I've encrypted the key in the database, so I can't just filter like where encrypted_key = :plain_key. I want to be able to do this retrieval with only the plaintext key and not require that other data are sent with the plaintext key. (It may be necessary that I do use more information in my query; I'm just seeing if there's some clever way around it.)

I could just retrieve ALL encrypted keys in the database, and then iterate over all ciphertexts and parse out the IV, re-encrypt the plaintext key I received from the user with the IV, and see if I find a match. I don't want to have to retrieve all ciphertexts though. If the IV were predictable somehow I could do it, but I don't want to use any part of the plaintext key or associated metadata as the IV.

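Added example, not part of the original question: one common way to avoid the full scan described above is a separate lookup column holding a keyed HMAC-SHA256 of the plaintext key, so the IV stays random and the query needs only the plaintext. The table, column and function names, the in-memory SQLite database and the second secret `INDEX_KEY` are assumptions; random bytes stand in for the IV-prefixed AES-256-CBC ciphertext.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumption: a second secret used only for the lookup column, never the AES key.
INDEX_KEY = os.urandom(32)

def lookup_tag(plain_key: str, index_key: bytes = INDEX_KEY) -> bytes:
    """Deterministic keyed digest of the plaintext key (HMAC-SHA256)."""
    return hmac.new(index_key, plain_key.encode("utf-8"), hashlib.sha256).digest()

def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE user_keys ("
        " user_id INTEGER PRIMARY KEY,"
        " permissions TEXT NOT NULL,"
        " encrypted_key BLOB NOT NULL,"   # IV || ciphertext from the existing AES code
        " key_tag BLOB NOT NULL UNIQUE)"  # UNIQUE builds the index, enforces one-to-one
    )
    return db

def store(db, user_id: int, permissions: str, plain_key: str, encrypted_key: bytes):
    """Insert a row; the tag is derived from the plaintext before it is discarded."""
    db.execute(
        "INSERT INTO user_keys VALUES (?, ?, ?, ?)",
        (user_id, permissions, encrypted_key, lookup_tag(plain_key)),
    )

def find_by_plain_key(db, plain_key: str):
    """Return (user_id, permissions, encrypted_key) or None, with one indexed query."""
    return db.execute(
        "SELECT user_id, permissions, encrypted_key"
        " FROM user_keys WHERE key_tag = :tag",
        {"tag": lookup_tag(plain_key)},
    ).fetchone()

def demo() -> sqlite3.Connection:
    db = open_db()
    # Constructed rows; random bytes stand in for IV || AES-256-CBC ciphertext.
    rows = [(1, "read", "key-alpha-001"), (2, "read,write", "key-bravo-002")]
    for user_id, permissions, plain_key in rows:
        store(db, user_id, permissions, plain_key, os.urandom(16) + os.urandom(32))
    return db
```

The tag is deterministic, so anyone holding `INDEX_KEY` can test guesses against the column; keep that key outside the database alongside the AES key, and decrypt `encrypted_key` after the lookup if the stored value itself is needed.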