1

In my Django web-app, I would like the user to authenticate itself with an encrypted email address that would simply be the username. Due to the existing GDPR regulations in my country, I have to encrypt e-mail addresses and by doing it with the help of Python Cryptography and Fernet functions, each string is different after encryption, even if two strings are encrypted with one and the same key. Is it possible to authenticate the user without errors in such a situation? If this is possible, where can I read a little more about it?

EDIT: Maybe I incorrectly specified: Django uses username and password for authentication, if the encrypted email is username, when logging in, the user will enter the email when logging in, i.e. harry@example.com. The database keeps an encrypted version of this email, so when using authenticate(request, username, password), it will look for a user with the username harry@example.com, not the encrypted version. If at this point I would like to decrypt the user's e-mail from the database and compare it with the e-mail that the user entered when logging in, app would probably has to decrypt all e-mails in the database, and then check if and which one is harry@example.com and here, in my opinion, it becomes quite problematic, because I have the impression that it is a not good solution in terms of time and server load. Is there any other way that I will be able to compare the e-mail entered when logging in and the encrypted e-mail in the database?

Kevin Sullivan
  • 13
  • 3

2 Answers2

3

Here is a good lesson on how to use python cryptography https://www.geeksforgeeks.org/how-to-encrypt-and-decrypt-strings-in-python/

As for GDPR, the user can enter their email but you should encrypt it on the store, then decrypt it when you want to use it. Make sure that your secret is hidden. If someone gets access to your database and your secret, the encryption is as good as if it's not there.

You should not be comparing the encrypted strings, you should decrypt the email and compare it to the email that is currently entered. Comparing hashes should only be done with hashing, not encryption. If you don't want to have access to the user's email, you should consider hashing instead of encrypting.

KIVOX
  • 104
  • 1
  • 6
1

There's a good read here How do I encrypt and decrypt a string in python?. To know the how-to around what you need. Plus, you described the solution quite well, so take a look at the following packages from the Django community which achieve what you are looking for:

https://github.com/orcasgit/django-fernet-fields/

https://github.com/orcasgit/django-fernet-fields/blob/master/fernet_fields/fields.py#L117 It includes an Encrypted email field

https://github.com/patowc/django-encrypted-field

misraX
  • 887
  • 5
  • 15
  • I'm sorry because I may have misspelled the question earlier. I edited it now. – Kevin Sullivan Sep 08 '22 at 20:21
  • @KIVOX answer explains the point of storing encrypted vs hashes and for your use case I'd advice to go for hashes just like password management and validation on Django, use the following for your reference https://docs.djangoproject.com/en/4.1/topics/auth/passwords/ – misraX Sep 08 '22 at 21:41