🔐 How to Encrypt and Decrypt Data in the Widget Script
In this section, you’ll learn how to securely encrypt and decrypt sensitive data within your widget script. We’ll walk you through the process of implementing encryption methods to protect user data and how to safely retrieve and decrypt it when needed, ensuring compliance with security best practices.
Encryption Key Definition
An encryption key is a random string of bits used to encrypt and decrypt data, ensuring secure communication. It is unpredictable and unique, making it difficult to crack the encryption. Depending on the encryption software, the key may be used for both encryption and decryption.
NaCl Definition
NaCl (pronounced "salt") is a high-speed software library designed for network communication, encryption, decryption, and digital signatures. It provides the core cryptographic operations necessary for building secure tools. More info: NaCl and PyNaCl.
Step-by-Step: Encrypting and Decrypting Data with NaCl
Step 0: Install PyNaCl and Generate Encryption Key
To use NaCl encryption in Python, you first need to install the PyNaCl library:
# General Python command
pip install pynacl
# For Python 3.9
python3 -m pip install pynacl
Now, to generate a NaCl encryption key in a Python console or script:
import nacl.utils
from base64 import b64encode
# Generate a 24-byte encryption key
encode = b64encode(nacl.utils.random(24)).decode()
print(encode)
Example Output:
'31LMNgROjKJVtZYfDoSfY0W4yTQDpzEdV/75UrSlmiU='
This output will serve as your encryption key. Save this key for encrypting and decrypting data.
Step 1: Encrypting Data
Once you have your encryption key, you can encrypt sensitive data, such as client information, user IDs, or account numbers.
Here’s how to encrypt a value in the ViaSay platform using Jinja:
-
Encrypt a String:
Use the
encrypt()function in Jinja to encrypt a string:{{ data | encrypt(key, null, 'NACL') }}data: The value or string you want to encrypt (e.g., a user’s name).key: The encryption key generated in the previous step.'NACL': Specifies the encryption library (NaCl in this case).
Example:
{{ "Chuck" | encrypt("31LMNgROjKJVtZYfDoSfY0W4yTQDpzEdV/75UrSlmiU=", null, 'NACL') }}The result will be a string in the format
iv:encrypted_data. -
Encrypt JSON Data:
If you’re dealing with JSON, apply the
to_jsonfilter before encryption:{{ data | to_json | encrypt(key, null, 'NACL') }}
Step 2: Decrypting Data
To decrypt encrypted data, you’ll use the decrypt() function in Jinja.
-
Decrypt a String:
The decryption function follows this format:
{{ encrypted_data | decrypt(key, iv, 'NACL') | safe }}encrypted_data: The encrypted string you want to decrypt.key: The encryption key you used to encrypt the data.iv: The initialization vector (IV) generated during encryption.
If the encrypted data is formatted as
iv:encrypted_data, split it like this:{{ (encrypted_string | unquote).split(":")[1] | decrypt(key, (encrypted_string | unquote).split(":")[0], 'NACL') | safe }} -
Example:
To decrypt data for "Chuck" encrypted with the key and IV, you’d use:
{{ encrypted_data | decrypt("31LMNgROjKJVtZYfDoSfY0W4yTQDpzEdV/75UrSlmiU=", "iv_value_here", 'NACL') | safe }}Replace
"iv_value_here"with the actual IV used during encryption.
Optional: Generate IV (Initialization Vector)
You can optionally generate an IV (Initialization Vector) to add randomness to the encryption process. Install pycrypto and generate the IV as follows:
pip install pycrypto
# For Python 3.9:
python3 -m pip install pycrypto
Then, generate an IV in the Python console:
from base64 import b64encode
from Crypto import Random
iv = b64encode(Random.new().read(24)).decode()
print(iv)
Example Output:
'4EpJWt4NaZi/Nr6GIAqKXSn07iJ8tdug'
Complete Example in Python
import nacl.utils
from base64 import b64encode
# Generate Encryption Key
key = b64encode(nacl.utils.random(24)).decode()
print("Encryption Key:", key)
# Generate IV (Initialization Vector)
from Crypto import Random
iv = b64encode(Random.new().read(24)).decode()
print("IV:", iv)