2. Configuration
Note
A change in settings (with the exception of database changes) will not trigger decryption and re-encryption of existing data just to apply the change. Instead, the change is applied when new data is encrypted or old data is modified, thereby slowly phasing out the old configuration. For example, when changing password hash iterations, the change takes effect when the user resets their password.
Any database change will result in Krptn assuming that all data has been migrated to the new database and is ready to use. Krptn will stop using the old database, but will finish any user operations already started there.
Simple, pythonic configuration:
```python
import krypton

krypton.configs.defaultArgonOps = 3 # Number of iterations for Argon2id

krypton.configs.defaultPasswordResetArgonOps = 4 # Iteration count for Password Reset codes

krypton.configs.defaultCryptoperiod = 2 # Approx. number of years for the cryptoperiod of a key

krypton.configs.defaultSessionPeriod = 15 # Number of minutes before a user Session is destroyed.

krypton.configs.defaultLogRetentionPeriod = 43200 # Number of minutes to store login logs
```
Warning
When setting iteration counts for Argon2id, make sure that the value is not too low. A low value could make a brute-force attack against the encryption in the database easy if the database is leaked. However, note that a high value slows down your server. You need to find a value appropriate to your needs.
2.1. Databases
For the following settings, please see Databases:
```python
# Each "..." is a placeholder: replace it with the value described in Databases.
krypton.configs.SQLDefaultCryptoDBpath = ... # for DB used by Crypto Class
krypton.configs.SQLDefaultKeyDBpath = ... # for DB used by Key Management System
krypton.configs.SQLDefaultUserDBpath = ... # for DB used by User Authentication System
```
2.2. FIDO Auth & MFA
These configuration options must be set for FIDO (passwordless Auth), and TOTP (time-based one-time passwords) to work.
```python
## For both TOTP and FIDO
krypton.configs.APP_NAME = "ExampleApp" # name of your app

## The below are only needed for FIDO
krypton.configs.HOST_NAME = "example.com" # hostname, as seen by the user's browser
krypton.configs.ORIGIN = "https://example.com/" # again, as seen by the user's browser
```
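A pre-deployment sanity check for the two FIDO values above, as an added example that is not part of Krptn or its documentation. It assumes HOST_NAME serves as the WebAuthn relying party ID and applies the general WebAuthn rules (secure context, relying party ID equal to or a parent domain of the origin's host); `check_fido_config` and the sample values are hypothetical.

```python
from urllib.parse import urlsplit


def check_fido_config(host_name, origin):
    """Return a list of problems; an empty list means the pair is consistent."""
    problems = []
    parts = urlsplit(origin)
    origin_host = (parts.hostname or "").lower()
    rp_id = host_name.lower()

    # WebAuthn only runs in secure contexts: HTTPS, or plain HTTP on localhost.
    secure = parts.scheme == "https" or (
        parts.scheme == "http" and origin_host == "localhost")
    if not secure:
        problems.append(f"ORIGIN scheme {parts.scheme!r} is not a secure context")

    # HOST_NAME is a bare host: no scheme, port, credentials or path.
    if not host_name or any(c in host_name for c in "/:@"):
        problems.append("HOST_NAME must be a bare hostname")

    # The relying party ID must equal the origin's host or be a parent domain
    # of it; a look-alike host that merely contains the name must not pass.
    if origin_host != rp_id and not origin_host.endswith("." + rp_id):
        problems.append(
            f"ORIGIN host {origin_host!r} is not {rp_id!r} or a subdomain of it")

    # A web origin is scheme, host and port only (a bare trailing "/" is tolerated).
    if parts.path not in ("", "/") or parts.query or parts.fragment or parts.username:
        problems.append("ORIGIN carries a path, query, fragment or credentials")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    samples = [
        ("example.com", "https://example.com/"),
        ("example.com", "https://login.example.com"),
        ("example.com", "http://example.com/"),
        ("example.com", "https://example.com.example.net/"),
        ("https://example.com", "https://example.com/"),
        ("localhost", "http://localhost:5000"),
    ]
    for host, origin in samples:
        print(host, origin, check_fido_config(host, origin) or "OK")
```

Run it against the values you intend to assign to `krypton.configs.HOST_NAME` and `krypton.configs.ORIGIN` before enabling FIDO.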