openerp-community team mailing list archive

Re: About encryption in database


I would need it for a float or m2o, so as is this seems limited for my use.

Eric Caudal (From his mobile)

Holger Brunn <hbrunn@xxxxxxxx> wrote:

>Hi Eric,
>
>> I would expect a way to encrypt some critical data at database level
>> (password, accounting information, salaries).
>> I am not sure here but I have the feeling that encryption/decryption
>> though should only be possible through a certificate/key at
>> browser/client level to protect the key from the administrator.
>
>I was playing with this a while ago, you can find my code here: 
>https://code.launchpad.net/~hbrunn/+junk/encrypted_fields
>
>This works with 6.1, but it should be quite simple to port to 7.0. Another 
>addon on my list of addons that just need some polishing to be published when 
>time permits. If anybody else is willing to do that, please!
>
>What does it do? Users are assigned a private/public RSA keypair. When you set 
>up encryption for a (by now text-)field, a symmetric AES key is created whose 
>passphrase is encrypted with the public keys of all users who are supposed to 
>be able to read and write the field. That's roughly what GPG does for mails 
>with multiple recipients.
>
>Caveats:
>- only one group of users can have the keys for one field
>- new users can't view the field even if being member of the right group. A 
>member of that group will have to approve access (= decrypting the passphrase 
>with the old member's private key, encrypt it with the new member's public key, 
>write it in the list of encrypted keys)
>- this approach doesn't really work for char or int fields, there some kind of 
>XORing with an encrypted random string should be used I guess.
>- no searching through encrypted fields
>
>Decryption is done on the server side. In my POV, doing it on the client side 
>doesn't really add security-wise, as you still have to trust the code you run. 
>Nobody is going to check if the admin didn't fiddle with the js code to have 
>the passphrases logged or anything like that. Or is there a way of letting the 
>browser do that where the JS code never sees the keys involved?
>
>I'm very interested in the community's comments about this, up to now I 
>thought I was nearly alone with thinking it would be a good thing to have 
>that.
>
>Regards,
>Holger
>
>-- 
>Therp - Maatwerk in open ontwikkeling
>
>Holger Brunn - Ontwerp en implementatie
>
>mail: holger@xxxxxxxx
>web: http://therp.nl
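
The per-field key wrapping and the approval step for new group members described in the quoted message, as an added example that is not part of the thread and not code from the encrypted_fields addon. Assumptions: the third-party `cryptography` package, AES-GCM as the field cipher, RSA-OAEP wrapping the AES key directly (the message wraps a passphrase), and hypothetical class, user and field names.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# All names here are hypothetical; none come from the encrypted_fields addon.
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)

class EncryptedField:
    """One field, one AES key, stored only as per-user RSA-wrapped copies."""
    def __init__(self, name, members):
        self.name = name.encode()
        field_key = AESGCM.generate_key(bit_length=256)
        # members maps user -> RSA public key; the plain field key is never stored.
        self.wrapped = {u: pub.encrypt(field_key, OAEP) for u, pub in members.items()}

    def _field_key(self, user, private_key):
        if user not in self.wrapped:
            raise PermissionError("%s has no wrapped key for this field" % user)
        return private_key.decrypt(self.wrapped[user], OAEP)

    def encrypt(self, user, private_key, text):
        nonce = os.urandom(12)
        # The field name is bound as associated data, so a ciphertext copied
        # into a different field fails authentication on decrypt.
        aead = AESGCM(self._field_key(user, private_key))
        return nonce + aead.encrypt(nonce, text.encode(), self.name)

    def decrypt(self, user, private_key, blob):
        aead = AESGCM(self._field_key(user, private_key))
        return aead.decrypt(blob[:12], blob[12:], self.name).decode()

    def approve(self, approver, approver_private_key, new_user, new_public_key):
        # An existing member unwraps the field key and re-wraps it for the newcomer.
        key = self._field_key(approver, approver_private_key)
        self.wrapped[new_user] = new_public_key.encrypt(key, OAEP)

def demo():
    # Constructed users and value, for illustration only.
    keys = {u: rsa.generate_private_key(public_exponent=65537, key_size=2048)
            for u in ("alice", "bob", "carol")}
    field = EncryptedField("hr.salary_note", {u: keys[u].public_key() for u in ("alice", "bob")})
    blob = field.encrypt("alice", keys["alice"], "constructed sample: 4200 EUR")
    read_by_bob = field.decrypt("bob", keys["bob"], blob)
    try:
        field.decrypt("carol", keys["carol"], blob)
        carol_before = True
    except PermissionError:
        carol_before = False
    field.approve("bob", keys["bob"], "carol", keys["carol"].public_key())
    return read_by_bob, carol_before, field.decrypt("carol", keys["carol"], blob)
```

Because decryption happens on the server, as the message states, the server process holds each user's private key and the field key in memory while a request is served.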
