This class implements a persistent dictionary using sqlite3 and encrypts the keys and the values of the dictionary in a way, that makes it very hard to bruteforce either the key or the values in the db.
- example usage::
>>> from pcd import PersistentCryptoDict >>> d=PersistentCryptoDict() >>> print d <pcd.PersistentCryptoDict instance at 0x8dcb54c> >>> print d['my key'] None >>> d['my key']='secret value' >>> print d['my key'] secret value >>> d['my key']='top secret value' >>> print d['my key'] top secret value
The key and the value in the dict is transformed according to the following algorithm (credit: dnet):
- we calculate they keyhash - a hmac-sha512(salt,key)
- we split the key in half, the first half as a hexdigest (ascii), the second we keep as a binary
- we use the second binary half from step 2 of the keyhash to encrypt the value
- we use the ascii keyhash from step 2 as a key to the database, and the value is the encrypted result from step 3.
- we calculate they keyhash - a hmac-sha512(salt,key)
- we split the key in half, the first half as a hexdigest (ascii), the second we keep as a binary
- we query the database using the ascii keyhash from step 2 as a key
- we use the second binary half from step 2 of the keyhash to decrypt the value
The database contains only the following pairs of data:
(hmac-sha512(key, salt).hexdigest()[:64], # key aes256-ofb(hmac-sha512(key, salt).digest()[32:], value)) # value
we diligently obey Schneier's law: https://www.schneier.com/blog/archives/2011/04/schneiers_law.html, and thus we would consider the task to retrieve any meaningful data without huge rainbow tables from such a database a futile task. :)