Login

Transparent encryption for model fields

Author:
shadfc
Posted:
June 26, 2008
Language:
Python
Version:
.96
Score:
5 (after 5 ratings)

Here's a simple way to transparently encrypt a field (just repeat the idiom for more than one) so that it is not stored plaintext in the database. This might be useful for social security numbers, etc.

The storage size for the ciphertext depends on which algorithm you use. Blowfish here requires 32 characters to store an encrypted 16 characters. Note also that Blowfish requires a block size of a multiple of 8, so that is what the repeat in the _set_ssn() is all about.

The Crypto module is from http://www.amk.ca/python/code/crypto.html

I make no claims as to how secure this scheme is overall, comments on this are welcome.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# demo model
from django.db import models
from Crypto.Cipher import Blowfish
from django.conf import settings
import binascii

# Create your models here.
class Person(models.Model):
    first_name = models.CharField(max_length=30)
    last_name = models.CharField(max_length=30)
    social_security_number = models.CharField(max_length=32)

    def _get_ssn(self):
        enc_obj = Blowfish.new( settings.SECRET_KEY )
        return u"%s" % enc_obj.decrypt( binascii.a2b_hex(self.social_security_number) ).rstrip()

    def _set_ssn(self, ssn_value):
        enc_obj = Blowfish.new( settings.SECRET_KEY )
        repeat = 8 - (len( ssn_value ) % 8)
        ssn_value = ssn_value + " " * repeat
        self.social_security_number = binascii.b2a_hex(enc_obj.encrypt( ssn_value ))

    ssn = property(_get_ssn, _set_ssn)



# testing
>>> Person.objects.all().delete()
>>> p = Person.objects.create(first_name='Billy', last_name='Barou', ssn='123-12-1234')
>>> p.ssn
u'123-12-1234'

#sandbox$ mysql -e "SELECT * FROM django_sandbox.field_encryption_person"
#+----+------------+-----------+----------------------------------+
#| id | first_name | last_name | social_security_number           |
#+----+------------+-----------+----------------------------------+
#|  3 | Billy      | Barou     | 94ec660c832c95b31500618a5ffee60f | 
#+----+------------+-----------+----------------------------------+

More like this

  1. Template tag - list punctuation for a list of items by shapiromatron 10 months, 2 weeks ago
  2. JSONRequestMiddleware adds a .json() method to your HttpRequests by cdcarter 10 months, 3 weeks ago
  3. Serializer factory with Django Rest Framework by julio 1 year, 5 months ago
  4. Image compression before saving the new model / work with JPG, PNG by Schleidens 1 year, 6 months ago
  5. Help text hyperlinks by sa2812 1 year, 7 months ago

Comments

Please login first before commenting.