...
Alternatively, we can implement our own solution using/maintaining our own Master Key and using python/django libraries to encrypt database fields.
- django-fernet-fields (recommended)
- uses pyca/cryptography open source library
- 136 contributors, relatively active, maintained
- Fernet algorithm
- AES with CBC mode, with PKCS7 padding, and SHA256 HMAC
- Generates base-64 encoded, 32-bit key
- very easy-to-use extension on top of django fields
- readable/understandable code
- can provide custom master key, rather than relying on a single SERVER_KEY
- allows for key rotation of the master key by listing older keys for decryption
- only 5 contributors; now just in maintenance mode (upgrading libraries)
- uses pyca/cryptography open source library
- Django Extensions' Encrypted Fields
- uses Google's keyczar open source library, which has known security issues, but may not apply to our usage of it
- code is somewhat cryptic - mostly due to keyczar's interface
- 327 contributors, active overall development
- django-encrypted-fields
- uses Google's keyczar open source library, which has known security issues, but may not apply to our usage of it
- https://github.com/lanshark/django-encrypted-model-fields, uses Python's crypto library, but is a forked version of the original.