Encryption and secure data storage in app development

Use the QRadar Python encdec module to encrypt data in the apps that you develop and to prevent the transmission of secure data and passwords in clear text. The encdec module is built into the Application Framework Software Development Kit (SDK) to enable encryption and secure data storage in the apps that you develop.

How it works

In the following code snippet, the encdec module is used to encrypt and store a password and a key token. Then, the module is used to retrieve and decrypt those encrypted data items.

from qpylib.encdec import Encryption

# One Encryption object per data item: 'name' identifies the item, 'user' its owner.
app_password_handler = Encryption({
    'name': 'appPassword',
    'user': 238
})
app_password_handler.encrypt('clearTextPasswordSuppliedByUser')

key_token_handler = Encryption({
    'name': 'keyToken',
    'user': 238
})
key_token_handler.encrypt('773d3efcb4dd211c213ebf4c45cd81ae')

...  # other application code

# Retrieve and decrypt the stored data items.
retrieved_password = app_password_handler.decrypt()
key_token = key_token_handler.decrypt()

How to use the code

Create a dedicated instance of the encryption object for each data item that you want to manage with the encdec module. For example, in the code snippet, the app_password_handler object manages the password and the key_token_handler object manages the key token for the user who is identified as 238.

The following table describes the elements that you use to create an encryption object.

Encryption object element    Description
name                         Unique string that identifies the data item to manage.
user                         Unique identifier for the user who owns the data item to manage.

For each user, the encdec module stores the user’s secure data in the /store/<user_ID>_e.db file in the Docker container. For example, secure data for user 238 in the example code snippet is stored in the container’s /store/238_e.db file.
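A check that you can run in a test deployment after encrypting a canary value, added here as an example (it is not IBM's code or part of the SDK): it scans a directory for the <user_ID>_e.db files described above and reports files that are accessible beyond the owner or that contain the canary in clear text. The function names, the canary value, the owner-only permission policy, and the temporary directory that stands in for /store are assumptions; the file's internal format is not described here, so it is read as opaque bytes.

```python
import os
import stat
import tempfile

SUFFIX = "_e.db"  # per-user store naming from this page: /store/<user_ID>_e.db


def audit_store(store_dir, canaries=()):
    """Return (path, finding) pairs for per-user store files in store_dir."""
    findings = []
    for entry in sorted(os.listdir(store_dir)):
        if not entry.endswith(SUFFIX):
            continue  # not a per-user secure store file
        path = os.path.join(store_dir, entry)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        # Assumed policy: only the owning account may read or write the file.
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((path, "mode %o allows group/other access" % mode))
        with open(path, "rb") as fh:
            data = fh.read()  # format is not documented here; treat as opaque bytes
        if any(c.encode("utf-8") in data for c in canaries):
            findings.append((path, "clear-text canary value found"))
    return findings


def demo():
    """Audit a constructed stand-in for /store (sample files, not real data)."""
    canary = "canary-value-not-a-real-secret"
    with tempfile.TemporaryDirectory() as store:
        samples = {
            "238_e.db": (os.urandom(64), 0o600),  # stands in for encrypted content
            "239_e.db": (b"appPassword=" + canary.encode("utf-8"), 0o644),
            "notes.txt": (canary.encode("utf-8"), 0o644),  # ignored: wrong name
        }
        for name, (content, mode) in samples.items():
            path = os.path.join(store, name)
            with open(path, "wb") as fh:
                fh.write(content)
            os.chmod(path, mode)
        return [(os.path.basename(p), f) for p, f in audit_store(store, [canary])]


if __name__ == "__main__":
    for name, finding in demo():
        print(name, "->", finding)
```

A clean result only shows that the canary is not stored verbatim; it does not prove that the stored form is strong.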

After you create the encryption object, call its decrypt() function to retrieve and decrypt a user-data item. You can use the same encryption object instance that was used for encryption. If that object is no longer in scope, you can instantiate a new encryption object by supplying the same initialization parameters that you used originally.

Add the PyCrypto module to your app

The encdec module depends on the PyCrypto module, which you can download from the Python website (https://pypi.python.org/pypi/pycrypto). Add the PyCrypto 2.6.1 package and its dependencies to your app's src_deps/pip directory.

Note: The PyCrypto libraries in your app are subject to US export classification laws. If the app that you develop is used outside of the US, you must ensure that you have an Export Control Classification Number (ECCN) to comply with United States Department of Commerce regulations.