On Sun, 2007-05-13 at 11:15 +0000, elemental wrote:
> I have a small app that needs to store a passport number in a database
> (MySQL). I'd like to encrypt the passport for security, so I'm using
> ezPyCrypto. I've never had to encrypt data before so I'm a bit new at
> this. However, I've worked through a shell and successfully encrypted
> and decrypted a string. Applying the same logic in my model to my
> passport string, I get the following error when attempting to save:
>
> UnicodeDecodeError at /register/
> 'ascii' codec can't decode byte 0xb4 in position 0: ordinal not in
> range(128)
>
> For reference, here is the save portion of the model:
>
> def save(self):
>     key = ezPyCrypto.key(512)
>     self.passport = key.encString(self.passport)
>
> I searched for the above error and it seems to be a known bug with
> newforms (which I'm using).

This piece of code has nothing to do with newforms, since it isn't using newforms at all. The error message is a standard one that Python raises when you are trying to jam a non-ASCII string into something expecting ASCII characters (this same error is *also* raised in some newforms code for the same reason, but it's unrelated to this).

Getting non-ASCII-encoded character strings to work with trunk at the moment is a slightly fragile affair. The unicode branch is in development to fix a number of those problems in a holistic fashion. However, that may still not be a solution to the problem you are seeing.

I am not familiar with ezPyCrypto. Does the encString() method return a unicode string or just an arbitrary sequence of bytes? In the latter case, you are pretty much guaranteed to have problems trying to store it in a character field, since there are always going to be some encrypted sequences that are not valid unicode or valid UTF-8 or valid-any-encoding-you-like.

[...]

> Unrelated to the error:
>
> Can I simply store a single generated key in my app or must I generate
> a unique key for each saved object and write the key to a file in a
> non-public directory? I realize there are different levels of accepted
> security,

Which is why there isn't a single correct answer. These are passport numbers, so leaks are not good. But how damaging is it if somebody gets hold of a key or the directory of keys? Does your risk profile require that only a single number should be exposed? Only a maximum of N numbers? Would all numbers being exposed be "acceptable"? What happens if you need to revoke a key because it's leaked, or somebody who had access to it has left the organisation?

> but because of the size and scale of this app I'd like to
> keep things simple if possible. Any advice here would be appreciated.

If you have a large number of passport numbers and need to be able to retrieve them, how is it going to happen? Automatically?
Or will somebody (or multiple somebodies) need to type in a password to decrypt them?

It's very hard to give a general answer to these sorts of questions, because the necessary security at this level depends on other factors: the number of people having access to the system, their trust level, physical security of the systems, frequency of access required, amount of authority required for access (one person? N of M people?), etc.

Regards,
Malcolm

You received this message because you are subscribed to the Google Groups "Django users" group.
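
An added example, not part of the original thread and not ezPyCrypto or Django code: it shows why raw ciphertext bytes fail in a character field and one way to wrap them as ASCII text before saving. The `key_id` prefix, the function names and the sample bytes are assumptions made for illustration; the ciphertext is treated as opaque output of whatever encryption library is in use.

```python
import base64
import binascii

# Constructed sample: stands in for raw ciphertext returned by an encryption
# library. It starts with 0xb4, the byte named in the error in the thread.
SAMPLE_CIPHERTEXT = bytes([0xB4, 0x00, 0x9F, 0x27, 0xFF, 0x10, 0xC3, 0x28])


def fits_text_column(raw, encoding="ascii"):
    """Return True if the bytes decode cleanly in the column's encoding."""
    try:
        raw.decode(encoding)
        return True
    except UnicodeDecodeError:
        return False


def to_db_text(key_id, ciphertext):
    """Wrap ciphertext as ASCII text '<key_id>$<base64>' for a char field.

    key_id is a hypothetical label recording which key encrypted the row,
    so rows tied to a revoked key can be found and re-encrypted later.
    """
    if not (key_id.isascii() and key_id.isalnum()):
        raise ValueError("key_id must be ASCII alphanumeric")
    return key_id + "$" + base64.b64encode(ciphertext).decode("ascii")


def from_db_text(stored):
    """Reverse to_db_text; returns (key_id, ciphertext bytes)."""
    key_id, sep, b64 = stored.partition("$")
    if not sep or not (key_id.isascii() and key_id.isalnum()):
        raise ValueError("not a wrapped ciphertext value")
    try:
        # validate=True rejects characters outside the base64 alphabet
        raw = base64.b64decode(b64.encode("ascii"), validate=True)
    except (binascii.Error, UnicodeEncodeError) as exc:
        raise ValueError("corrupt stored value") from exc
    return key_id, raw


if __name__ == "__main__":
    print("raw bytes fit ascii column:", fits_text_column(SAMPLE_CIPHERTEXT))
    stored = to_db_text("k1", SAMPLE_CIPHERTEXT)
    print("stored value:", stored)
    print("round trip ok:", from_db_text(stored) == ("k1", SAMPLE_CIPHERTEXT))
```

Base64 grows the value by about a third, so the character column has to be sized for the encoded length rather than the raw ciphertext length.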