EditCrypt

Summary: Allow server-side encryption/decryption of pages while editing
Version: 2008-05-04
Prerequisites: WikiSh, WikiShCrypt (including the MCRYPT extension to PHP required by the latter), EditMX
Status: Alpha (still missing history suppression)
Maintainer: Peter Bowers
Discussion: EditCrypt-Talk?
Categories: Security

Questions answered by this recipe

  • How can I encrypt a page so I am the only person who can view it (or those who know the password)?

Description

Allow encryption/decryption of pages while editing, with on-the-fly decryption for viewing.

Note: WikiSh and WikiShCrypt must both be at version 2008-05-05 or above!

Installation

Edit your Site.EditForm (or Site.Popup-EditForm or other equivalent based on your skin) and place these lines immediately after the line which reads (:input e_textarea :)\\:

Crypt Password: (:input password e_cryptpass:) (:input submit name=Encrypt value=Encrypt:) (:input submit name=Decrypt value=Decrypt:) 
{edit(wikish_form PROCESS)(wikish if test -n ${Encrypt}; then; encrypt_edittext; fi; if test -n ${Decrypt}; then; decrypt_edittext; fi)}\\

You can choose another place on your form to place those lines and that will influence where the password field and the encrypt/decrypt buttons are placed on your edit form. For instance, you may choose to place the line after the line with the author field or after the line with the save/save and edit/preview/cancel buttons or even at the top of the form -- the point is you can place this line where you like. (Technically those 2 lines don't have to appear together on the EditForm - if you need to separate them for some reason feel free.)

When you've done this then your edit form will look something like this (when you are editing a page):

Editing Cookbook.EditCrypt

Crypt Password: (THIS IS THE LINE THAT WAS ADDED)
Summary:
Wiki Author: This is a minor edit

(Note that the red text "(THIS IS THE LINE THAT WAS ADDED)" is only for documentation purposes - it will not appear on your edit page)

Now you need to install WikiSh and WikiShCrypt and EditMX. While installation of those recipes is outside the scope of this recipe documentation, this section in your config.php (with WikiSh.php and WikiShCrypt.php downloaded and placed in your cookbook directory) should provide a secure installation:

include_once('cookbook/WikiSh.php');
include_once('cookbook/WikiShCrypt.php');
include_once('cookbook/EditMX.php');
$WikiShVars['CRYPT_IV_FILE'] = 'TEXTFILE--CryptIV.txt';
$WikiShTextWrite = true;
$WikiShTextWriteList = array('CryptIV.txt');
$WikiShTextRead = true;
$WikiShTextReadList = array('CryptIV.txt');

After your first encryption/decryption operation you can either comment out or delete the 2 lines giving write permission so your config.php section would look like this (this is not absolutely necessary, but it gives greater security):

include_once('cookbook/WikiSh.php');
include_once('cookbook/WikiShCrypt.php');
include_once('cookbook/EditMX.php');
$WikiShVars['CRYPT_IV_FILE'] = 'TEXTFILE--CryptIV.txt';
#$WikiShTextWrite = true;
#$WikiShTextWriteList = array('CryptIV.txt');
$WikiShTextRead = true;
$WikiShTextReadList = array('CryptIV.txt');

Notes

Once it is all installed, encryption/decryption is a simple matter of typing a password into the "Crypt Password" field and then pressing the appropriate button. Your text (encrypted or decrypted) will then show on the form and you can choose whether or not to save it.

Typically editing an encrypted page would involve going to the edit form, entering the password, clicking on "Decrypt", making your changes, clicking on "Encrypt", and then saving your changes.

Be aware that there is no effort made to encrypt your page history. Thus if at any point in the history of this page it was saved in a decrypted format then that version of the page will appear (in the usual diff format) if someone views the history of the page. The only way to get rid of this is to delete the page and re-create it in an encrypted form. (Or I believe there is also a way of setting the number of days history is maintained for - you could probably set that to 0 and save and it might get rid of the decrypted history item.)
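
An added example (not part of this recipe or of PmWiki itself): a Python check that reads the contents of a page file from wiki.d and lists text that is recoverable only from the stored history. It assumes PmWiki's flat-file page format, in which each revision is kept as a `diff:<time>:<previous time>:` line with newlines stored as %0a and < as %3c; the sample page and all of its values are constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample of a page file; ciphertext and other values are placeholders.
SAMPLE_PAGE = (
    "version=pmwiki-2.2.0 ordered=1 urlencoded=1\n"
    "name=Main.Secret\n"
    "text=CIPHERTEXT-PLACEHOLDER\n"
    "time=1209945600\n"
    "author:1209945600=alice\n"
    "diff:1209945600:1209942000:=1c1%0a%3c CIPHERTEXT-PLACEHOLDER%0a---%0a> door code is 4321%0a\n"
    "host:1209945600=192.0.2.10\n"
    "author:1209942000=alice\n"
    "diff:1209942000:1209942000:=1d0%0a%3c door code is 4321%0a\n"
)

# Assumed history key layout: diff:<saved>:<previous>:<flag>=<encoded diff body>
DIFF_KEY = re.compile(r"^diff:(\d+):(\d+):([^=]*)=(.*)$")

def history_entries(page_file_text):
    """Return one dict per stored revision diff, with the text lines it carries."""
    entries = []
    for line in page_file_text.splitlines():
        m = DIFF_KEY.match(line)
        if not m:
            continue
        saved, previous, _flag, body = m.groups()
        decoded = unquote(body)  # %0a -> newline, %3c -> '<', %25 -> '%'
        carried = [l[2:] for l in decoded.split("\n") if l[:2] in ("< ", "> ")]
        entries.append({"saved": int(saved), "previous": int(previous), "lines": carried})
    return entries

def current_text(page_file_text):
    """Decode the current page text (the text= line) into a list of lines."""
    for line in page_file_text.splitlines():
        if line.startswith("text="):
            return unquote(line[5:]).split("\n")
    return []

def exposed_by_history(page_file_text):
    """Lines present in history diffs but absent from the current text."""
    now = set(current_text(page_file_text))
    exposed = []
    for entry in history_entries(page_file_text):
        for l in entry["lines"]:
            if l not in now and l not in exposed:
                exposed.append(l)
    return exposed
```

A non-empty result from `exposed_by_history` means a history view of the page still shows text that the current encrypted version does not.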

When you view (action=browse) an encrypted page it will display like this:

--ENCRYPTED--

To view (browse) the page you type the appropriate password into the field and click on the "Decrypt" button. This will *not* decrypt the page on disk -- it is decrypted only in memory and on screen. The next time you attempt to view the page you will need to re-enter your password and decrypt it again.

Release Notes

  • 2008-05-05 - No change to *this* recipe, but this change log is here to call attention to the need to update WikiSh.php and WikiShCrypt.php - there was a bug with using textfiles to store the IV.
  • 2008-05-04 - Initial release

TO DO

This item is pretty important for this recipe to be thoroughly usable:

  • capability to suppress history when writing

Having dependency on 3 other recipes is a bit extreme. Probably I need to move the {edit(...)} markup and the function EditMX() into WikiSh.php...

See Also

DesCrypt does roughly the same thing in javascript (client-side as opposed to server-side). It is oriented more towards encrypting only a portion of a page.

Contributors

Thanks to Marcus for the idea while he was testing WikiShCrypt capabilities.

Comments

See discussion at EditCrypt-Talk?
