darkmatter18/encrypted_field.py

## encrypted_field.py
import base64
import hashlib
from Crypto import Random
from Crypto.Cipher import AES

from mongoengine import fields

class EncryptField(fields.BaseField):
    def __init__(self, key: str, **kwargs):
        self.bs = AES.block_size
        self.key = hashlib.sha256(key.encode()).digest()

        super().__init__(**kwargs)

    def to_python(self, value):
        if isinstance(value, str) or not isinstance(value, bytes):
            return value
        else:
            return self.decrypt(value)

    def to_mongo(self, value):
        return self.encrypt(value)

    def validate(self, value):
        if not isinstance(value, str):
            self.error("StringField only accepts string values")

    def encrypt(self, raw):
        raw = self._pad(raw)
        iv = Random.new().read(AES.block_size)
        cipher = AES.new(self.key, AES.MODE_CBC, iv)
        return base64.b64encode(iv + cipher.encrypt(raw.encode()))

    def decrypt(self, enc):
        enc = base64.b64decode(enc)
        iv = enc[:AES.block_size]
        cipher = AES.new(self.key, AES.MODE_CBC, iv)
        return self._unpad(cipher.decrypt(enc[AES.block_size:])).decode('utf-8')

    def _pad(self, s):
        return s + (self.bs - len(s) % self.bs) * chr(self.bs - len(s) % self.bs)

    def _unpad(self, s):
        return s[:-ord(s[-1:])]


## requirements.txt
pycryptodome
mongoengine

## use.py
from mongoengine import connect, Document

from encrypted_field import EncryptField

connect(host="mongodb://<user>:<passwd>@<ip>:27017/<db>", uuidRepresentation='standard')

class TestEnc(Document):
    data = EncryptField(key="Pc0OOWSdhP8wXpTqhDslnrK7HTW4uF0oBN4m9kbELg0=")

TestEnc(data="abc").save()

for x in TestEnc.objects.all():
    print(x.data)
	import base64
	import hashlib
	from Crypto import Random
	from Crypto.Cipher import AES

	from mongoengine import fields

	class EncryptField(fields.BaseField):
	def __init__(self, key: str, **kwargs):
	self.bs = AES.block_size
	self.key = hashlib.sha256(key.encode()).digest()

	super().__init__(**kwargs)

	def to_python(self, value):
	if isinstance(value, str) or not isinstance(value, bytes):
	return value
	else:
	return self.decrypt(value)

	def to_mongo(self, value):
	return self.encrypt(value)

	def validate(self, value):
	if not isinstance(value, str):
	self.error("StringField only accepts string values")

	def encrypt(self, raw):
	raw = self._pad(raw)
	iv = Random.new().read(AES.block_size)
	cipher = AES.new(self.key, AES.MODE_CBC, iv)
	return base64.b64encode(iv + cipher.encrypt(raw.encode()))

	def decrypt(self, enc):
	enc = base64.b64decode(enc)
	iv = enc[:AES.block_size]
	cipher = AES.new(self.key, AES.MODE_CBC, iv)
	return self._unpad(cipher.decrypt(enc[AES.block_size:])).decode('utf-8')

	def _pad(self, s):
	return s + (self.bs - len(s) % self.bs) * chr(self.bs - len(s) % self.bs)

	def _unpad(self, s):
	return s[:-ord(s[-1:])]
	from mongoengine import connect, Document

	from encrypted_field import EncryptField

	connect(host="mongodb://<user>:<passwd>@<ip>:27017/<db>", uuidRepresentation='standard')

	class TestEnc(Document):
	data = EncryptField(key="Pc0OOWSdhP8wXpTqhDslnrK7HTW4uF0oBN4m9kbELg0=")

	TestEnc(data="abc").save()

	for x in TestEnc.objects.all():
	print(x.data)