SECRET_KEY is still used for some calculations even if CRYPTOGRAPHY_KEY is set

Question

SECRET_KEY is still used for some calculations even if CRYPTOGRAPHY_KEY is set

glennmatthews opened this issue 3 years ago · comments

Per the documentation,

CRYPTOGRAPHY_KEY
Default: None
When value is None a key will be derived from SECRET_KEY. Otherwise the value will be used for the key.

This documentation is incorrect, or at least incomplete. I can confirm that even when CRYPTOGRAPHY_KEY is set, some calculations still use SECRET_KEY. This can be demonstrated by populating some encrypted fields, then changing SECRET_KEY - a BadSignature error will be reported on trying to access the fields, but changing SECRET_KEY back to its old value will restore normal operation.

Glenn Matthews · Answer 1 · Tue Jun 15 2021 05:37:06 GMT+0800 (China Standard Time)

In other words, once you begin using this library, you may never change SECRET_KEY again, even if you're defining CRYPTOGRAPHY_KEY as the documentation recommends.

Eric Smith · Answer 2 · Wed Jun 30 2021 01:26:38 GMT+0800 (China Standard Time)

Duplicate of #37?

Roman Gorbil · Answer 3 · Wed Jul 20 2022 22:41:16 GMT+0800 (China Standard Time)

Faced the same issue.
Steps to reproduce:

Start new project, install django-cryptography, set both SECRET_KEY and CRYPTOGRAPHY_KEY
Add at least 1 instance of model with encrypted field
Change value of SECRET_KEY

Expected result: encrypted fields may be decrypted as CRYPTOGRAPHY_KEY wasn't changed
Actual result: BadSignature because encryption key changed.

Richard Shea · Answer 4 · Sat Apr 20 2024 18:36:52 GMT+0800 (China Standard Time)

FWIW I've just attempted to replicate this issue and with ...

Django==4.2.11
django-cryptography==1.1

.... the dependency on SECRET_KEY is still the case.

Just doing a PR to reflect the situation in the documentation.