Actions
Feature #45
openadd backend encryption for all sensitive data
Description
we should not save password (hashes), PINs etc. in plaintext.
Updated by The 2nd over 9 years ago
- Subject changed from Add backend encryption for all sensitive data to add backend encryption for all sensitive data
Updated by The 2nd over 9 years ago
- Status changed from Neu to In Bearbeitung
- % Done changed from 0 to 90
current implementation uses AES encryption in CFB mode.
from Crypto.Cipher import AES
from Crypto import Random
def encrypt(aeskey, data):
""" encrypt string with given aes key """
iv = Random.new().read(AES.block_size)
cipher = AES.new(aeskey.decode("hex"), AES.MODE_CFB, iv)
encrypted_data = iv + cipher.encrypt(data)
return encrypted_data.encode("hex")
still needs some investigation if this is the way to go. but replacing the encrypt/decryption functions should be easy.
Updated by The 2nd almost 9 years ago
Maybe we should use AES in GCM mode in the future:
Actions