Closed Bug 763103 Opened 12 years ago Closed 12 years ago

Encrypt key fields

Categories

(Marketplace Graveyard :: Payments/Refunds, defect, P1)

Product:
Marketplace Graveyard
Component:
Payments/Refunds
Platform:
x86
macOS
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: andy+bugzilla, Assigned: andy+bugzilla)

References

Details

Should we be encrypting key fields?

Things include: pre-approval key, paypal_id of the seller.

If so how?
rforbes: last time I remember talking about this we discussed using a key file on disk and doing AES encrypt/decrypt with the MySQL function. This is what we do for the in-app payment secrets: bug 742751
sounds good to me.
I'd like to encrypt the following fields:

Buyers: key (< preapproval key)
Sellers: paypal_id (< paypal_email), token (< permissions token), secret (< permissions secret)

Is it possible to abstract that AES field a little so we just say models.AESField? Would be a nice library to have lying around for this stuff.
(In reply to Andy McKay [:andym] from comment #3)
> Is it possible to abstract that AES field a little so we just say
> models.AESField? Would be a nice library to have lying around for this stuff.

Yeah, that's exactly what I'm thinking too. I think we can expand the implementation here https://github.com/mozilla/zamboni/commit/32883fe58a89b3f429a0512fd1f9ea50c4e33c66#L0R370 to be more like http://djangosnippets.org/snippets/2489/
That would be awesome.
@rforbes: does this encryption remove the requirement for bug 759021 or should that requirement be part of this bug?
For the record, encryption of data using a PIN is not required. That will be seperate.
Assignee: nobody → amckay
Priority: -- → P1
https://github.com/mozilla/solitude/commit/aa971a
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.