How To
Summary
Securely storing app data is hugely important when developing an app. This documentation will outline how to safely store data in the context of a QRadar app.
Steps
QPyLib Encdec
Encdec is an encryption and decryption module available in the QPyLib Python library. The encdec module is the recommended way to handle storing secrets and sensitive data within a QRadar app.
Encrypting values
Encdec encrypts a value and stores it in a file identified by the user value you provide. That file holds all of that user's encrypted values, each of which can be retrieved later by name.
The file is named after the user property so that an app can keep different secrets for the different users who use the app, rather than one shared secret.
The encryption is set up with (the Encryption class is imported from the qpylib.encdec module):
from qpylib.encdec import Encryption
enc = Encryption({'name': 'mytoken', 'user': 'myuser'})
This sets up an instance of the Encryption class that is dedicated to handling a single secret, in this example the secret mytoken for user myuser.
Then the value is encrypted and saved to the encryption file referenced by the name:
value = "value to be encrypted"
encrypted = enc.encrypt(value)
The encrypt function then returns the encrypted value, while also saving to the encryption file.
Decrypting values
Encdec can also decrypt previously encrypted values, retrieving from the file referenced by the user value that the secret was previously saved to.
Decryption is set up the same way that encryption is set up, with:
enc = Encryption({'name': 'mytoken', 'user': 'myuser'})
Then the value can be retrieved and decrypted if it exists:
decrypted = enc.decrypt()
The decrypt function returns the decrypted value referenced by the name property. If no encrypted value is found under that name, or there is a problem with the encryption configuration, an EncryptionError (also defined in qpylib.encdec) is raised, so callers should catch it and treat the secret as absent rather than assume decrypt always returns a value.
Encryption Engines
The QPyLib encdec functionality supports decrypting secrets from older encryption engine versions, and encrypting secrets at the latest engine version.
At time of writing there are four encdec encryption engines:
v1 - Unsupported old version, previously distributed as a separate module from qpylib.
v2 - AES/CFB encryption.
v3 - Modified version of the v2 engine (AES/CFB encryption).
v4 - Fernet encryption.
If an app has secrets encrypted using v2, v3 or v4, the encdec module can decrypt them even when they were not produced by the latest engine: it automatically determines which engine to use. Once a secret that was originally encrypted with an older engine has been decrypted, encdec automatically re-encrypts it with the latest engine and overwrites the old record. This keeps the encdec module backwards compatible, and when a new engine version is released, old secrets are migrated to it automatically. Secrets from the unsupported v1 engine are not decrypted or migrated.
The encdec module always stores new secrets with the latest designated encryption engine. Together with the backwards-compatible decryption and re-encryption of older versions, this should give a smooth transition to the recommended engine version, requiring only that QPyLib be updated. Note that migration happens at decryption time, so a secret that is never read after the upgrade stays on its old engine until it is read.
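The following is an added, stand-alone model of the behaviour described in the "Encrypting values", "Decrypting values" and "Encryption Engines" sections above. It is not qpylib's code and does not call qpylib: it uses only the Python standard library so that it runs anywhere. The per-user file name e_<user>.db, the random in-memory key, and the stand-in ciphers are assumptions: an HMAC-SHA256 counter-mode stream stands in for the AES/CFB of v2 and v3 (unauthenticated, as AES/CFB is), and the same stream plus an HMAC tag stands in for Fernet in v4 (authenticated, as Fernet is). What it shows that the text alone does not is the record layout, the engine dispatch on the stored version, the overwrite-on-read migration, the EncryptionError path for a missing name or an unsupported engine, and why the move to an authenticated engine matters: a single flipped byte on disk is silently decrypted to a different value under the v2/v3 stand-in and rejected under the v4 stand-in.

```python
# Added example (not qpylib code): a stdlib-only model of the behaviour this page
# describes. File name, key source and the stand-in ciphers are assumptions.
import hashlib, hmac, json, os, secrets, tempfile

class EncryptionError(Exception):
    """Same name as the page's exception; raised for missing or corrupted secrets."""

LATEST_ENGINE = 4

def _stream_xor(key, nonce, label, data):
    """XOR data with HMAC-SHA256 in counter mode, standing in for an AES keystream."""
    ks = b"".join(hmac.new(key, label + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))

def _enc_plain(key, plaintext, label):
    """Model of v2/v3 (AES/CFB): confidentiality only, nothing detects tampering."""
    nonce = secrets.token_bytes(16)
    return nonce + _stream_xor(key, nonce, label, plaintext)

def _dec_plain(key, blob, label):
    return _stream_xor(key, blob[:16], label, blob[16:])

def _enc_auth(key, plaintext):
    """Model of v4 (Fernet): encrypt-then-MAC, so a modified blob is rejected."""
    body = _enc_plain(key, plaintext, b"v4")
    return body + hmac.new(key, body, hashlib.sha256).digest()

def _dec_auth(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise EncryptionError("integrity check failed")
    return _dec_plain(key, body, b"v4")

ENGINES = {  # version -> (encrypt, decrypt); v1 is absent, so v1 records are an error
    2: (lambda k, p: _enc_plain(k, p, b"v2"), lambda k, b: _dec_plain(k, b, b"v2")),
    3: (lambda k, p: _enc_plain(k, p, b"v3"), lambda k, b: _dec_plain(k, b, b"v3")),
    4: (_enc_auth, _dec_auth),
}

class SecretStore:
    """One user's secrets, keyed by name, in e_<user>.db (assumed file name)."""
    def __init__(self, store_dir, user, key):
        self.path, self.key, self.records = os.path.join(store_dir, f"e_{user}.db"), key, {}
        if os.path.exists(self.path):
            with open(self.path) as fh:
                self.records = json.load(fh)

    def _save(self):
        with open(self.path + ".tmp", "w") as fh:
            json.dump(self.records, fh)
        os.replace(self.path + ".tmp", self.path)  # atomic: no half-written file after a crash

    def encrypt(self, name, value, engine=LATEST_ENGINE):
        """Store value under name; `engine` exists only so the demos can fabricate legacy records."""
        blob = ENGINES[engine][0](self.key, value.encode())
        self.records[name] = {"engine": engine, "data": blob.hex()}
        self._save()
        return blob.hex()

    def decrypt(self, name):
        rec = self.records.get(name)
        if rec is None:
            raise EncryptionError(f"no secret named {name!r}")
        if rec["engine"] not in ENGINES:
            raise EncryptionError(f"engine v{rec['engine']} is not supported")
        value = ENGINES[rec["engine"]][1](self.key, bytes.fromhex(rec["data"])).decode()
        if rec["engine"] < LATEST_ENGINE:
            self.encrypt(name, value)  # transparent migration to the latest engine
        return value

def _fixture():
    # Constructed: a throw-away directory and a random key. A real app derives its
    # key from the app environment, never from source code.
    return tempfile.mkdtemp(), secrets.token_bytes(32)

def migration_demo():
    """(engine before read, value, engine after read) for a secret written by v2."""
    store_dir, key = _fixture()
    SecretStore(store_dir, "myuser", key).encrypt("mytoken", "old-token", engine=2)
    before = SecretStore(store_dir, "myuser", key).records["mytoken"]["engine"]
    value = SecretStore(store_dir, "myuser", key).decrypt("mytoken")
    after = SecretStore(store_dir, "myuser", key).records["mytoken"]["engine"]
    return before, value, after

def tamper_demo(engine):
    """Flip one ciphertext byte on disk, then report what decrypt does with it."""
    store_dir, key = _fixture()
    store = SecretStore(store_dir, "myuser", key)
    store.encrypt("mytoken", "secret", engine=engine)
    blob = bytearray(bytes.fromhex(store.records["mytoken"]["data"]))
    blob[16] ^= 0x01  # first ciphertext byte, right after the 16-byte nonce
    store.records["mytoken"]["data"] = blob.hex()
    store._save()
    try:
        return "accepted: " + SecretStore(store_dir, "myuser", key).decrypt("mytoken")
    except EncryptionError:
        return "rejected"
```

migration_demo() returns (2, 'old-token', 4): the record is read with the v2 engine and is on v4 by the time the next SecretStore instance opens the file. tamper_demo(2) and tamper_demo(3) return "accepted: recret", the corrupted value handed back without complaint, while tamper_demo(4) returns "rejected". A fresh store raises EncryptionError from decrypt("nosuchtoken"), which is the case the "Decrypting values" section tells callers to handle. Writing through a temporary file and os.replace is not something the page describes; it is the usual way to make sure a crash during re-encryption cannot leave the user's file half-written.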
Document Location
Worldwide
Document Information
Modified date:
30 March 2021
UID
ibm16437521