views: 192

answers: 2

Hello, for my ecommerce site I want to store partial credit card numbers as strings. For this I need to encrypt the information to store it in the database and decrypt it when users want to reuse the credit card info already entered in earlier purchases, without typing it all over again.

I am using Django, thus I need to solve this via Python. What would be a clever algorithm to solve this issue?

+2  A: 

Are you absolutely sure you want to hash sensitive information like this? It might be worth reading this article to get an idea of some of the pitfalls trying to store any sensitive information in a database. In your case it's even worse because you want the transformation to be reversible. Just remember, if you can reverse it, so can an attacker.

Think carefully before you embark on this course...

Perhaps you might be better off outsourcing this kind of work to someone who specializes in it (such as Paypal or Google Checkout etc).

jkp
+10  A: 

Before you go much further you should take a look at PCI-DSS, which governs exactly what processes you need to have in place to even consider storing encrypted card numbers. In short, you should seriously consider outsourcing to a 3rd party payment gateway.

If, once you've understood the consequences, you do want to go ahead, then again, follow the PCI guidelines. For symmetric encryption of card numbers you probably want to use AES, and draw up very strict key management policies.

If however you only want to store a partial card number, then PCI states you can store (at an absolute maximum) the first six and last four digits only. The first six digits are all you need to identify a card type. The last four digits you may deem necessary to help prevent issues where a customer has near identical card numbers.

IMHO storing partial card numbers (in plain text) is what you want to do, and then outsource the handling of encryption, authorisation and settlement to a 3rd party gateway. The payment gateway will give you a unique token id for each card you pass to them, so that you can reference a unique card to perform re-authorisation or refunds etc.

PaulG
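As an added example (not code from either answer), this is how the PCI truncation rule PaulG describes could be applied in plain Python before a Django model saves the card reference; the function and field names are assumptions, and the sample card numbers in the comments are constructed test values.

```python
import re

# Added example: PCI-DSS truncation of a primary account number (PAN).
# PCI permits storing at most the first six (issuer/BIN) and last four digits
# in the clear; the middle digits must never reach the database.
PAN_RE = re.compile(r"^\d{13,19}$")
HEAD, TAIL = 6, 4  # hard PCI ceilings, not tunable upwards


def normalise_pan(raw: str) -> str:
    """Strip the spaces and dashes users type; return digits only or raise."""
    digits = re.sub(r"[\s-]", "", raw)
    if not PAN_RE.fullmatch(digits):
        raise ValueError("card number must be 13-19 digits")
    return digits


def truncate_pan(raw: str, head: int = HEAD, tail: int = TAIL) -> dict:
    """Return only the fragments of the PAN that may be stored in plain text.

    head/tail are capped at PCI's 6 and 4 so a caller cannot accidentally
    widen the retained window.  Everything in between is discarded here;
    the full PAN goes to the payment gateway, which hands back a token.
    """
    if head > HEAD or tail > TAIL:
        raise ValueError("PCI permits at most the first six and last four digits")
    digits = normalise_pan(raw)
    return {
        "bin": digits[:head],      # enough to identify the card type
        "last4": digits[-tail:],   # disambiguates near-identical cards
        "length": len(digits),     # kept only to pad the masked display
    }


def masked_display(stored: dict) -> str:
    """Build the 'reuse this card?' label from the stored fragment alone."""
    hidden = stored["length"] - len(stored["bin"]) - len(stored["last4"])
    return f"{stored['bin']}{'*' * hidden}{stored['last4']}"
```

The gateway token, not the fragment, is what a re-authorisation or refund should reference; the fragment exists only so the customer can recognise the card.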