Encryption techniques in database

Hi,

I am looking for a good solution with which I can encrypt my data in the database in such a way that it still supports database queries like __in and __icontains.

Thanks in advance

What kind of data is it that you want to encrypt, and why would you do that?

Consider cases in which I have to encrypt the email in the database during user registration. In parallel, I want to send email to some selected emails (for example, those whose email ends with @xmail.com) separately in a cron job or any other event or separate API.

Note: Email must be encrypted in the database.

The only method I have in mind currently is encrypting the data using Fernet from the Cryptography module.

With this, data can be encrypted and requires a decryption key. But remember that the decryption keys must be stored somewhere, preferably in a database. This raises another question:

How do you secure the database hosting the decryption keys?

I’m not sure what you’re doing and why but I suggest protecting the database by following best practices and other guidelines regarding database security.

In summary, encryption adds another layer of complexity that you may actually not need.

True,
But I am working on a project which is finance-based, with extremely critical data like credit card details etc.

  • Storing the keys in the database is not preferable and is not a secure way - I do have a good solution to store the keys but the issue is with the below pointer.
  • With Fernet you will be able to encrypt and decrypt the data, but the issue is that you will not be able to run any query attributes other than iexact. (E.g. email__icontains will not work in this case unless the whole column's data is fetched in decrypted form and the operations are then performed on it, but I don't think it's a good process.)

I hope you’re able to get me now.
Thanks
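Added example, not code from the thread or from any poster: one way to keep the email column encrypted while still answering the two lookups asked about above (`__in` and "ends with @xmail.com") is a keyed-hash (HMAC) lookup column stored beside the ciphertext, a technique the thread itself does not mention. The table and function names, the index key and the sample addresses are constructed; `encrypt`/`decrypt` are whatever cipher is in use (Fernet in the `__main__` demo).

```python
import hashlib
import hmac
import sqlite3

# Constructed demo key; assumed to be kept outside the database in practice.
INDEX_KEY = b"constructed-demo-index-key-0001"

def blind(value: str, key: bytes = INDEX_KEY) -> str:
    """Keyed hash of a normalised value: equal inputs give equal outputs."""
    return hmac.new(key, value.strip().lower().encode(), hashlib.sha256).hexdigest()

def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email_enc BLOB,"
                 " email_idx TEXT, domain_idx TEXT)")
    return conn

def add_user(conn, email: str, encrypt) -> None:
    """Store the ciphertext plus blind indexes of the address and its domain."""
    domain = email.rsplit("@", 1)[-1]
    conn.execute(
        "INSERT INTO users (email_enc, email_idx, domain_idx) VALUES (?, ?, ?)",
        (encrypt(email.encode()), blind(email), blind(domain)))

def emails_in_domain(conn, domain: str, decrypt) -> list:
    """Like email__iendswith='@domain', decrypting only the matching rows."""
    rows = conn.execute(
        "SELECT email_enc FROM users WHERE domain_idx = ? ORDER BY id",
        (blind(domain),))
    return [decrypt(enc).decode() for (enc,) in rows]

def ids_for_emails(conn, emails) -> list:
    """Like email__in=[...], matched on the blind index without decrypting."""
    marks = ",".join("?" * len(emails))
    rows = conn.execute(
        f"SELECT id FROM users WHERE email_idx IN ({marks}) ORDER BY id",
        [blind(e) for e in emails])
    return [r[0] for r in rows]

if __name__ == "__main__":
    from cryptography.fernet import Fernet  # the cipher named in the thread

    f = Fernet(Fernet.generate_key())
    db = make_db()
    for addr in ("alice@xmail.com", "Bob@XMail.com", "carol@example.org"):  # constructed
        add_user(db, addr, f.encrypt)
    print(emails_in_domain(db, "xmail.com", f.decrypt))
```

This covers exact and whole-domain matches only, not arbitrary `icontains`, and rows that share an index value are visibly linked to anyone who can read the table.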

Welcome @ddindia-manpreet !

As a general rule of thumb, for the type of protection that you’re talking about, the typical solution is to use some degree of file-system encryption, usually at either the partition or directory level.

But what you should start with are the laws and regulations under which you are operating, along with whatever published standards may exist. If you’re dealing with legally-defined security requirements, then getting the lawyers involved would also be prudent.

You want professional guidance for this. This is not one of those topics that you want to take advice from an online service such as this (or any other).