I would need it for a float or m2o, so as is this seems limited for my use.

Eric Caudal (From his mobile)

Holger Brunn <[email protected]> wrote:

>Hi Eric,
>
>> I would expect a way to encrypt some critical data at database level
>> (password, accounting information, salaries).
>> I am not sure here but I have the feeling that encryption/decryption
>> though should only be possible through a certificate/key at
>> browser/client level to protect the key from the administrator.
>
>I was playing with this a while ago, you can find my code here:
>https://code.launchpad.net/~hbrunn/+junk/encrypted_fields
>
>This works with 6.1, but it should be quite simple to port to 7.0. Another
>addon on my list of addons that just need some polishing to be published when
>time permits. If anybody else is willing to do that, please!
>
>What does it do? Users are assigned a private/public RSA keypair. When you set
>up encryption for a (by now text-)field, a symmetric AES key is created whose
>passphrase is encrypted with the public keys of all users who are supposed to
>be able to read and write the field. That's roughly what GPG does for mails
>with multiple recipients.
>
>Caveats:
>- only one group of users can have the keys for one field
>- new users can't view the field even if being member of the right group. A
>member of that group will have to approve access (= decrypting the passphrase
>with the old member's private key, encrypt it with the new member's public key,
>write it in the list of encrypted keys)
>- this approach doesn't really work for char or int fields, there some kind of
>XORing with an encrypted random string should be used I guess.
>- no searching through encrypted fields
>
>Decryption is done on the server side. In my POV, doing it on the client side
>doesn't really add securitywise, as you still have to trust the code you run.
>Nobody is going to check if the admin didn't fiddle with the js code to have
>the passphrases logged or anything like that. Or is there a way of letting the
>browser do that where the JS code never sees the keys involved?
>
>I'm very interested in the community's comments about this, up to now I
>thought I was nearly alone with thinking it would be a good thing to have
>that.
>
>Regards,
>Holger
>
>--
>Therp - Maatwerk in open ontwikkeling
>
>Holger Brunn - Ontwerp en implementatie
>
>mail: [email protected]
>web: http://therp.nl

_______________________________________________
Mailing list: https://launchpad.net/~openerp-community
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~openerp-community
More help   : https://help.launchpad.net/ListHelp
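
The per-field key wrapping and the "existing member approves a new member" step described in the quoted message, as an added example that is not part of the thread and not taken from the encrypted_fields branch. It assumes the Python `cryptography` package, RSA-OAEP for wrapping and AES-256-GCM for the field value, and wraps a random AES key directly instead of a passphrase; `new_user_key` and `EncryptedField` are hypothetical names.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumption: RSA-OAEP/SHA-256 for wrapping, AES-256-GCM for the field value.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def new_user_key():
    """Per-user RSA keypair (hypothetical helper)."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

class EncryptedField:
    """One text field, one AES key, wrapped once per authorised user."""

    def __init__(self, members):
        # members: {login: RSA public key} for the single group allowed on this field
        field_key = AESGCM.generate_key(bit_length=256)
        self.wrapped = {login: pub.encrypt(field_key, OAEP)
                        for login, pub in members.items()}
        self.stored = None  # nonce || ciphertext || tag, as it would sit in the database

    def _unwrap(self, login, private_key):
        # KeyError: no wrapped copy exists for this user, so no access yet
        return private_key.decrypt(self.wrapped[login], OAEP)

    def write(self, login, private_key, text):
        nonce = os.urandom(12)  # fresh nonce per write, never reused with the same key
        aead = AESGCM(self._unwrap(login, private_key))
        self.stored = nonce + aead.encrypt(nonce, text.encode("utf-8"), None)

    def read(self, login, private_key):
        aead = AESGCM(self._unwrap(login, private_key))
        return aead.decrypt(self.stored[:12], self.stored[12:], None).decode("utf-8")

    def approve(self, approver, approver_key, new_login, new_public_key):
        # An existing member unwraps the field key and re-wraps it for the newcomer
        field_key = self._unwrap(approver, approver_key)
        self.wrapped[new_login] = new_public_key.encrypt(field_key, OAEP)

if __name__ == "__main__":
    keys = {n: new_user_key() for n in ("alice", "bob", "carol")}  # constructed users
    field = EncryptedField({n: keys[n].public_key() for n in ("alice", "bob")})
    field.write("alice", keys["alice"], "salary: 4200")  # constructed sample value
    print(field.read("bob", keys["bob"]))
    field.approve("bob", keys["bob"], "carol", keys["carol"].public_key())
    print(field.read("carol", keys["carol"]))
```

As in the design described in the message, the private key is handed to server-side code on every read and write, so the server process is trusted with it.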

