Actions
Feature #45
openadd backend encryption for all sensitive data
Description
we should not save password (hashes), PINs etc. in plaintext.
Actions
Added by The 2nd about 10 years ago. Updated over 9 years ago.
Description
we should not save password (hashes), PINs etc. in plaintext.
current implementation uses AES encryption in CFB mode.
from Crypto.Cipher import AES
from Crypto import Random
def encrypt(aeskey, data):
""" encrypt string with given aes key """
iv = Random.new().read(AES.block_size)
cipher = AES.new(aeskey.decode("hex"), AES.MODE_CFB, iv)
encrypted_data = iv + cipher.encrypt(data)
return encrypted_data.encode("hex")
still needs some investigation if this is the way to go. but replacing the encrypt/decryption functions should be easy.