I am new to this module, so please excuse me if my questions sounds silly. I am creating an application and using the cryptography.fernet to encrypt MySQL credentials.
If I encrypt for example and get this
from cryptography.fernet import Fernet
key = b'PCHl_MjGyEyBxLYha3S-cWg_SDDmjT4YYaKYh4Z7Yug='
cipher_suite = Fernet(key)
ciphered_text = cipher_suite.encrypt(b"SQLShack@DemoPass")
print(ciphered_text)
How can I prevent the end user from simply printing out the password if I have to decrypt the password like below?They can just print the print(unciphered_text).Also saving the password to a database defeats the purpose since my password is for the database. Thank you for you help in advanced.
key = b'PCHl_MjGyEyBxLYha3S-cWg_SDDmjT4YYaKYh4Z7Yug='
cipher_suite = Fernet(key)
ciphered_text = b'gAAAAABd_jcLWEz-fIBt3y2P3IoB3jGdbNnSzeSINZ8BomP9DrKIX2YF4pMLkMCvCxLshmKgKXk7np42xop6QIaiawbhjGayMU0UrbTeUX-6XA8zmo55vwA='
unciphered_text = (cipher_suite.decrypt(ciphered_text))
I just want do like this in my code
try:
engine = create_engine('mysql+mysqlconnector://root:encrypted_password@encrypted_host:3306/encrypted_databsed?auth_plugin=mysql_native_password')
except engine.closed():
print("Failed to create engine")
Actually - you cannot.
In theory you can write a library returning a database connection instead of the cleartext password. However - as soon as you have the ciphertext and the key on the same place (at the client), nothing prevents the client to decrypt and print the cleartext anyway.