Secure Data Storage and Encryption

How To


Summary

Securely storing app data is an important part of developing an app: API tokens, passwords and other credentials an app holds should never sit in plaintext on disk. This document outlines how to store such data safely in the context of a QRadar app.

Steps

QPyLib Encdec

Encdec is an encryption and decryption module available in the QPyLib Python library. The encdec module is the recommended way to store secrets and other sensitive data within a QRadar app, because the app does not have to manage keys, ciphers or key rotation itself.

Encrypting values

Encdec can be used to encrypt values, storing them in a per-user file identified by the provided user value. Within that file each encrypted value is stored under a name, so it can be retrieved later by that name.

The reason the file is named after the user property is that an app can hold different secrets for different users of the app, without one user's file containing another user's values.

The encryption is set up with:

from qpylib.encdec import Encryption
enc = Encryption({'name': 'mytoken', 'user': 'myuser'})

This sets up an instance of the Encryption class that is dedicated to handling a single secret, in this example the secret mytoken for user myuser.

Then the value is encrypted and saved under that name in the user's encryption file:

value = "value to be encrypted"   # the plaintext secret, e.g. an API token
encrypted = enc.encrypt(value)    # returns the ciphertext and writes it to the user's file

The encrypt function returns the encrypted value and also writes it to the user's encryption file. The app does not need to keep either the returned ciphertext or the plaintext: decrypt retrieves the value from the file by name, and holding the plaintext any longer than necessary only widens its exposure.

Decrypting values

Encdec can also decrypt previously encrypted values, reading them from the file identified by the user value they were saved under.

Decryption is set up the same way that encryption is set up, with:

enc = Encryption({'name': 'mytoken', 'user': 'myuser'})   # same name and user as at encryption time

Then the value can be retrieved and decrypted if it exists:

decrypted = enc.decrypt()   # takes no argument: the value is looked up by name in the user's file

The decrypt function returns the plaintext value stored under the name property. If no encrypted value is stored under that name, or there is an issue with the encryption configuration, an EncryptionError (also exported by qpylib.encdec) is raised. Calls to decrypt should therefore catch EncryptionError rather than assume the secret exists, and the exception or the surrounding log message must not include the plaintext.

Encryption Engines

The QPyLib encdec functionality supports decrypting secrets written by older encryption engine versions, and always encrypts new secrets with the latest engine version.

At the time of writing there are four encdec encryption engines:

  • v1 - Unsupported old version, previously distributed as a separate module from qpylib.
  • v2 - AES/CFB encryption.
  • v3 - Modified version of the v2 engine's AES/CFB encryption.
  • v4 - Fernet encryption.

The move from v2/v3 to v4 matters for security, not just for housekeeping: AES in CFB mode provides confidentiality only, so a modified ciphertext still decrypts (to garbage) without any error, whereas Fernet is an authenticated scheme (AES-128-CBC with an HMAC-SHA256 tag) that rejects a secret file that has been tampered with or decrypted with the wrong key.

If an app has secrets encrypted using v2, v3 or v4, the encdec module can decrypt them even if they were not written with the latest version: it determines the encryption engine to use from the stored secret itself. Once a secret that was originally encrypted with an older engine version has been decrypted, encdec re-encrypts it with the latest engine and overwrites the old secret. This makes the encdec module backwards compatible, and when new engine versions are released, old secrets are migrated automatically on their next use. Note that this migration happens inside decrypt, so reading an old secret is also a write to the user's encryption file.

Because the encdec module always stores secrets with the latest designated encryption engine, and decrypts and re-encrypts secrets from older versions, an app moves to the recommended engine version simply by updating QPyLib; no app code changes or manual re-encryption of stored secrets are required.
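The following is an added illustration of the two mechanisms described above, the per-user file holding secrets by name (from "Encrypting values") and the decrypt-then-re-encrypt migration across engine versions; it is constructed for this page and is not qpylib's code. It assumes a file name of the form {user}_e.db in a caller-supplied store directory, a caller-supplied key, and two toy engines built from the Python standard library (an HMAC-SHA256 keystream without and with an authentication tag) standing in for AES/CFB and Fernet. The toy engines exist only to make the mechanism runnable offline; a real QRadar app should use qpylib's encdec, never these.

```python
# Constructed illustration (not qpylib code) of encdec's layout, one file per
# user holding secrets by name, and of its engine migration. The two "engines"
# are toy stdlib stand-ins for AES/CFB and Fernet: an HMAC-SHA256 keystream
# without (1) and with (2) an authentication tag. Never use them for real secrets.
import hashlib, hmac, json, os, secrets, tempfile

LATEST_ENGINE = 2  # every write uses this; reads accept any known engine

class EncryptionError(Exception):
    """Raised for an unknown name or a record that cannot be decrypted."""

def _xor(key, nonce, data):
    # Counter-mode keystream from HMAC-SHA256 (toy; confidentiality only).
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def _tag(key, rec):
    return hmac.new(key, bytes.fromhex(rec["nonce"] + rec["ct"]), hashlib.sha256).hexdigest()

def _enc_v1(key, plaintext):
    # Engine 1: keystream XOR, no integrity check (like unauthenticated CFB).
    nonce = secrets.token_bytes(16)
    return {"engine": 1, "nonce": nonce.hex(), "ct": _xor(key, nonce, plaintext).hex()}

def _dec_v1(key, rec):
    return _xor(key, bytes.fromhex(rec["nonce"]), bytes.fromhex(rec["ct"]))

def _enc_v2(key, plaintext):
    # Engine 2: same keystream plus an encrypt-then-MAC tag (authenticated, like Fernet).
    rec = dict(_enc_v1(key, plaintext), engine=2)
    rec["tag"] = _tag(key, rec)
    return rec

def _dec_v2(key, rec):
    if not hmac.compare_digest(_tag(key, rec), rec.get("tag", "")):
        raise EncryptionError("tag mismatch: secret file tampered with or wrong key")
    return _dec_v1(key, rec)

ENGINES = {1: (_enc_v1, _dec_v1), 2: (_enc_v2, _dec_v2)}

class Encryption:  # one instance per named secret in one user's file, as in encdec
    def __init__(self, data, key, store_dir):
        self.name, self.key = data["name"], key
        self.path = os.path.join(store_dir, f"{data['user']}_e.db")  # one file per user (assumed name)
    def _load(self):
        if not os.path.exists(self.path): return {}
        with open(self.path) as fh: return json.load(fh)
    def _save(self, records):
        with open(self.path, "w") as fh: json.dump(records, fh)
    def encrypt(self, value):
        records = self._load()
        records[self.name] = ENGINES[LATEST_ENGINE][0](self.key, value.encode())
        self._save(records)
        return records[self.name]["ct"]
    def decrypt(self):
        records = self._load()
        if self.name not in records:
            raise EncryptionError(f"no encrypted value stored under {self.name!r}")
        rec = records[self.name]
        if rec.get("engine") not in ENGINES:
            raise EncryptionError(f"unknown encryption engine {rec.get('engine')!r}")
        plaintext = ENGINES[rec["engine"]][1](self.key, rec)
        if rec["engine"] != LATEST_ENGINE:  # migrate on read, overwriting the old record
            records[self.name] = ENGINES[LATEST_ENGINE][0](self.key, plaintext)
            self._save(records)
        return plaintext.decode()
    def engine_version(self):
        return self._load()[self.name]["engine"]

def _raises(fn):
    try: fn(); return False
    except EncryptionError: return True

def demo():
    """Store, retrieve, migrate a legacy record and detect tampering; returns what happened."""
    key = hashlib.sha256(b"app secret, constructed for the demo").digest()
    with tempfile.TemporaryDirectory() as store:
        enc = Encryption({"name": "mytoken", "user": "myuser"}, key, store)
        enc.encrypt("value to be encrypted")
        out = {"roundtrip": enc.decrypt()}
        # The same name under another user lives in another file, so it is not found.
        out["other_user_isolated"] = _raises(
            Encryption({"name": "mytoken", "user": "otheruser"}, key, store).decrypt)
        # Plant a record written by the old engine, as an upgraded app would find one.
        records = enc._load()
        records["oldtoken"] = _enc_v1(key, b"legacy value")
        enc._save(records)
        old = Encryption({"name": "oldtoken", "user": "myuser"}, key, store)
        out["engine_before"] = old.engine_version()
        out["migrated_value"] = old.decrypt()  # this read re-encrypts with the latest engine
        out["engine_after"] = old.engine_version()
        # Flip one ciphertext byte of a latest-engine record: the tag check must refuse it.
        records = enc._load()
        ct = bytearray.fromhex(records["mytoken"]["ct"]); ct[0] ^= 1
        records["mytoken"]["ct"] = ct.hex()
        enc._save(records)
        out["tamper_detected"] = _raises(enc.decrypt)
        out["missing_raises"] = _raises(
            Encryption({"name": "nosuch", "user": "myuser"}, key, store).decrypt)
    return out
```

Running demo() shows the legacy record being reported as engine 1 before the read and engine 2 afterwards, the unknown name raising EncryptionError, and the tampered engine-2 record being rejected. The same byte flip applied to an engine-1 record decrypts without any error to a silently corrupted value, which is the practical difference between an unauthenticated mode such as AES/CFB and an authenticated scheme such as Fernet, and the reason migrating to the latest engine is worth doing.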


Document Information

Modified date:
30 March 2021

UID

ibm16437521