-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add encrypt-then-MAC using HMAC and the same encryption key #69
Conversation
That way the old DjangoUnicodeDecodeError will be raised on invalid keys. This should provide complete backwards compatibility.
from hmac import compare_digest | ||
return compare_digest(a, b) | ||
except ImportError: | ||
return a == b |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
django.utils.crypto
has a constant_time_compare
for this same backport.
I like the direction of this change though it has some issues on Python 3. I think #22 will most likely be address (if I can ever find the time) by moving to https://github.com/orcasgit/django-fernet-fields which uses the |
Current coverage is
|
Sorry it took me awhile to get back to this. Thank you for contributing! ❤️ |
@mlavin thanks for merging. do you have a new release planned with this in current master? |
I pushed out a release today. Thank you again for this contribution and your patience! |
Maybe a step towards key rotation (#22) is detecting valid key before decrypting.
In any case, i was annoyed by the cryptic (little pun intended :))
DjangoUnicodeDecodeError
that resulted from having the wrong key and was looking to actually detect valid credentials before attempting to decrypt. So i added a HMAC (default, md5) signature between$AES$
and the cyphertext. Now invalid key raises aSignatureException
.This still works with unsigned database values, as it simply checks for the number of items when splitting the value at the
$
. I also ripped out the encryption stuff into its own class, which has asign
attribute to get back the old behavior (incl theDjangoUnicodeDecodeError
).