Re: Let's share some useful Python code
Update: the above advice works. Avoid storing your keys in your app and all that. But it has one major drawback: you need to be on the internet!
So, what if you want your app to be used in an offline setting? Well, that's generally what most apps let you do. So how do you encrypt and decrypt data in that way? There is no "right" way to answer this issue. One source (https://medium.com/poka-techblog/the-be … 8a6807d3ed) suggests storing secrets in environment variables. That works... but isn't very safe.
But there is one problem of storing your key in your code, in environment variables, in a database, or in an encrypted form in your code: they all rely on the same variable -- that a server must decrypt the data. But a server can leak information, especially if it has backups! (Logic would suggest not... right? After all, backups are supposed to be good things. Right? Well, that depends on *who* is doing the backups, and whether *they* are trustworthy.)
Sadly, if your app is used offline, you don't have very many options open to you. One way to alleviate the headache with crypto is to use cryptography's Fernet interface. This forces you to go against what I've already told youand to store your key in your code. But it will encrypt your data, and you can write it, and you won't need to do any manual reads. It'll save you a lot of time. It won't be safe, since the key is i your code and Python is generally bad at secure memory management. But it does work. (If someone has some kind of solution to this problem -- making a crypto system that works both online and offline -- please let us all know!) Sometimes you just have to suck it up and deal with the fact that the key is in your code. Sadly with offline apps, this is inevitable. You can do some messing with it and encode it in various ways and make tat your key, but people will still get at it. Or, even better, you can cythonize yourencryption/decryption work so its not in Python, which should make things a bit more safe for you.
Edit: This article provides some very interesting solutions for generating keys -- generate them on the fly, don't hardcode them. I wonder if PUFs can be implemented in Python...
-- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
