16đź‘Ť
Why not just encrypt the normal sequential ids instead? To someone who doesn’t know the encryption key, the ids will seem just as random. You can write a wrapper that automatically decrypts the ID on the way to the DB, and encrypts it on the way from the DB.
15đź‘Ť
I created a gist based on this question: https://gist.github.com/735861
Following Amber’s advice, the private keys are encrypted and decrypted using DES. The encrypted key is represented in base 36, but any other character-based representation will work as long as the representation is unique.
Any model that would need this kind of encrypted private key representation only needs to inherit from the model and manager shown in the code.
Here’s the meat of the code:
import struct
from Crypto.Cipher import DES
from django.db import models
class EncryptedPKModelManager(models.Manager):
"""Allows models to be identified based on their encrypted_pk value."""
def get(self, *args, **kwargs):
encrypted_pk = kwargs.pop('encrypted_pk', None)
if encrypted_pk:
kwargs['pk'] = struct.unpack('<Q', self.model.encryption.decrypt(
struct.pack('<Q', encrypted_pk)
))[0]
return super(EncryptedPKModelManager, self).get(*args, **kwargs)
class EncryptedPKModel(models.Model):
"""Adds encrypted_pk property to children."""
encryption = DES.new('8charkey') # Change this 8 character secret key
def _encrypted_pk(self):
return struct.unpack('<Q', self.encryption_obj.encrypt(
str(struct.pack('<Q', self.pk))
))[0]
encrypted_pk = property(_encrypted_pk)
class Meta:
abstract = True
For a Transaction object called transaction, transaction.encrypted_pk would return an encrypted representation of the private key. Transaction.objects.get(encrypted_pk=some_value) would search for objects based on the encrypted private key representation.
It should be noted that this code assumes only works for private keys that can be represented properly as long values.
- Django – disable one of system checks
- Performing non-blocking requests? – Django
- Django formset – show extra fields only when no initial data set?
- Dict keys with spaces in Django templates
3đź‘Ť
os.urandom(n) can “Return a string of n random bytes suitable for cryptographic use”. Just make sure that n is large enough for 2**(8*n) to be well above the square of the number of “unique” keys you want to identify, and you can make the risk of collision as low as you want. For example, if you think you may end up with maybe a billion transactions (about 2**30), n=8 might suffice (but play it safe and use a somewhat larger n anyway;-).
2đź‘Ť
You should be able to set the transactionRef column in your database to be unique. That way, the database will not allow transactions to be added with the same transactionRef value. One possibility is to randomly generate UUIDs — the probability of random UUIDs colliding is extremely small.
- Error: Cursor' object has no attribute '_last_executed
- Django disable editing (but allow adding) in TabularInline view
2đź‘Ť
Random integers are not unique, and primary keys must be unique. Make the key field a char(32) and try this instead:
from uuid import uuid4 as uuid
randomRef = uuid().hex
UUIDs are very good at providing uniqueness.
- How to find top-X highest values in column using Django Queryset without cutting off ties at the bottom?
- GenericForeignKey and Admin in Django
- Django rest framework logging different levels on different files