from django.db import models
from django import forms
from django.conf import settings
import binascii
import random
import string
class EncryptedString(str):
"""A subclass of string so it can be told whether a string is
encrypted or not (if the object is an instance of this class
then it must [well, should] be encrypted)."""
pass
class BaseEncryptedField(models.Field):
def __init__(self, *args, **kwargs):
cipher = kwargs.pop('cipher', 'AES')
imp = __import__('Crypto.Cipher', globals(), locals(), [cipher], -1)
self.cipher = getattr(imp, cipher).new(settings.SECRET_KEY[:32])
models.Field.__init__(self, *args, **kwargs)
def to_python(self, value):
#values should always be encrypted no matter what!
#raise an error if tthings may have been tampered with
return self.cipher.decrypt(binascii.a2b_hex(str(value))).split('\0')[0]
def get_db_prep_value(self, value):
if value is not None and not isinstance(value, EncryptedString):
padding = self.cipher.block_size - len(value) % self.cipher.block_size
if padding and padding < self.cipher.block_size:
value += "\0" + ''.join([random.choice(string.printable) for index in range(padding-1)])
value = EncryptedString(binascii.b2a_hex(self.cipher.encrypt(value)))
return value
class EncryptedTextField(BaseEncryptedField):
__metaclass__ = models.SubfieldBase
def get_internal_type(self):
return 'TextField'
def formfield(self, **kwargs):
defaults = {'widget': forms.Textarea}
defaults.update(kwargs)
return super(EncryptedTextField, self).formfield(**defaults)
class EncryptedCharField(BaseEncryptedField):
__metaclass__ = models.SubfieldBase
def get_internal_type(self):
return "CharField"
def formfield(self, **kwargs):
defaults = {'max_length': self.max_length}
defaults.update(kwargs)
return super(EncryptedCharField, self).formfield(**defaults)
Feed of latest snippets
Comments
I seems, that you need to make real max_length twice bigger, than len(value)+padding, because encrypted data is bigger.
#
Using a credit card number as an example for this is a bad idea. This isn't PCI compliant and storing CC numbers on your server is a great way to get into a lot of trouble (not to mention pissing your customers off). There is almost no reason to store a CC number, gateways like Authorize.net can do that for you and stay completely compliant.
Also no credit card company in the world allows you to keep CVV for any amount of time, so that shouldn't ever be in your model. Even the gateways can't keep this information.
#
I made some changes in this code and have include it to my django app django-fields. Any help and patches are appreciated.
#
Good point jonknee, modified the example as such
#
I am really new to this, but when i try to implement this i keep getting a TypeError: "Non-hexadecimal digit found"
my code looks like this:
What am i doing wrong? Thanks for the help
#
How could it be adapted for FileField's?
#
To be compatible with Django 1.4, the following updates are needed for line 26: OLD = def get_db_prep_value(self, value): NEW = def get_db_prep_value(self, value, connection, prepared=False):
#
This snippet is cryptographically insecure. While I appreciate your contribution, this snippet should NEVER be used in production. Your code uses a block cipher mode called ECB (electronic codebook). Please see the Wikipedia article http://en.wikipedia.org/wiki/ECB_mode for more details and good examples why this is not a good idea.
If djangosnippets support this, I highly recommend deleting this snippet.
#
Actually it's enough specify the encryption mode to either
cipher.MODE_CBCorcipher.MODE_CTR, no need to delete the snippet :)I guess the easiest would be CTR (stream cipher mode), which allows the plaintext to be of any length, so you won't need to mess with padding any more; an example using your code would be
the reason for using separate instances for encryption and decryption is the fact that you can't encrypt and decrypt with the same cipher instance (the counter will yield a different key), so you need your counter at the same point when decrypting
#