The most common way to protect sensitive data is encryption. The working of encryption is as simple as plaintext is converted into a ciphertext, where ciphertext is meaningless random characters. And these ciphertexts are again decrypted at the other end and made back as in the previous form; this process is called decryption. One of the most used encryption standards is the AES-256. The AES-256 stands for Advanced Encryption Standard. At first, AES was called Rijndael because it was developed by two developers named Vincent Rijmen and Joan Daemen. In general, API uses either AES-128 or AES-256 bit encryption. The AES supports multiple key sizes: a 128-bit key, 192-bit key, and 256-bit key. Even the key sizes vary, the block size remains the same as 128-bit or16 bytes.
Before getting into code first thing is to ensure that the pycrypto module is installed in the system; if not, you can install it by running the below command on the terminal. Pycrypto is a Python library that provides cryptographic services. It is a collection of hash functions and encryption algorithms such as AES, DES, etc.
pip3 install pycrypto
As an example, the following will demonstrate how encryption and decryption can be done using AES 256 which will be helpful in describing the Odoo API Encryption.
First, need to import the packages for AES encryption;
from Crypto.Cipher import AES
After adding the packages initialize block size, padding, and unpadding.
BLOCK = 16
pad = lambda s: s + (BLOCK - len(s) % BLOCK) * chr(BLOCK - len(s) % BLOCK)
unpad = lambda s: s[:-ord(s[len(s) - 1:])]
Encryption
After initialization pass the API data as arguments into the encryption function as follows;
def encrypt(raw, key):
private_key =hashlib.sha256(key.encode("utf-8")).digest()
#Provide private key for encryption
raw = pad(raw)
#appending raw padding bits
iv = Random.new().read(AES.block_size)
#Initialization vector used for encryption
cipher = AES.new(private_key, AES.MODE_CBC, iv)
#encryption into cipher text
return base64.b64encode(iv + cipher.encrypt(raw))
In encryption, the original content or information is converted into a cipher, this process is called encryption.
DECRYPTION
Decryption can be done as follows:
def decrypt(enc, key):
private_key = hashlib.sha256(key.encode("utf-8")).digest()
#provide private key
enc = base64.b64decode(enc)
iv = enc[:16]
#initalization vector
cipher = AES.new(private_key, AES.MODE_CBC, iv)
#decription of cipher
return unpad(cipher.decrypt(enc[16:]))
In the description, the encrypted data is converted into its original form. As we discussed how AES-256 can be done by using python, in the currently available computing power AES-256 encryption is unbreakable, so it is one of the strongest encryption standards. In the end, AES is never cracked and is safe against brute force attack, however, the key size is much larger than supercomputers will take billions of years to crack it.