How to encrypt/decrypt sensitive data - the Joomla way?


chris

Jun 24, 2014, 3:36:36 PM
to joomla-...@googlegroups.com

Hello,


I wrote a user profile plugin, which allows users to input sensitive data. At first I learned that in my case it is not possible to encrypt it on database level because the data is stored in #__user_profiles, profile_value as VARCHAR and it looks like it only works with VARBINARY fields. But this statement can be false, because I have no experience with this topic.


Next, I looked up how Joomla can help me. I searched the codebase and the web and I did this for hours. But to be honest, I am/was lost. I found JCrypt and JCryptCipher, but there are no docs that help coders who are not experienced with this topic. I implemented the JCryptCipher interface in my plugin and added the scaffold of the 3 methods encrypt(), decrypt() and generateKey(). But I really did not get what to do exactly in these methods. My fault :-)


I did not quit and instead wrote the code with the help of the php.net examples. It works, I can encrypt the data (ATM with MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC) before I store it in the database and decrypt it when the user edits the profile again. But I did this stuff for the first time, so it cannot be good practice.


I hope someone has some real world code from an up to date extension, or at least can guide me a little on how to do this in the Joomla way. Every bit of help is appreciated.


Thanks in advance, Christian

Hannes Papenberg

Jun 25, 2014, 4:25:25 AM
to joomla-...@googlegroups.com
Don't encrypt your data.

There are 3 scenarios for encryption:
1. You are storing passwords or similar stuff that you don't need to
decrypt again, but need the "encrypted" string to compare for later
cases. In that case you use hashing and that is a one-way solution.

2. You are encrypting data with a public key and send that data off to
another server somewhere. Important in this case: You don't have the
private key available on the server that encrypts the data.

Those 2 cases are valid and ok.

3. You are encrypting data to store it in your database and when you
read it again on the same server (automatically) you decrypt it again.

That third use case is not valid, since it means that your data is
obfuscated, but not encrypted. It is obfuscated, because a potential
hacker has both the code to decrypt your data AND the secret key to
decrypt it on your system. And it has to be on your system, otherwise
your own application could not read and modify the data.

Your data is not encrypted if you give a possible attacker the
decryption-key when he breaks in. Like your door does not protect your
home if you lock it, but leave the key in the lock.

Hannes
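Added example, not code from the thread or from Joomla: the three scenarios Hannes lists, written with stock PHP 7.2+ functions (password_hash and the libsodium extension). The function names, the sample secret and the inline key generation are assumptions made so that the file runs on its own; in a real deployment the recipient keypair in scenario 2 would be generated and kept off the web server, and only its public half would be present on the host.

```php
<?php
// Added example (not from the thread or from Joomla): the three scenarios
// Hannes describes, using stock PHP 7.2+ functions. Function names are
// hypothetical; the sample values are constructed for this file.

// Scenario 1: one-way hashing for a secret you only need to verify later.
function storeSecretHash(string $secret): string
{
    // password_hash salts and slow-hashes; the plaintext cannot be recovered
    // from what is stored, so a database leak does not hand out the secret.
    return password_hash($secret, PASSWORD_DEFAULT);
}

function verifySecret(string $candidate, string $storedHash): bool
{
    return password_verify($candidate, $storedHash);
}

// Scenario 2: encrypt to a recipient's public key and send the result away.
// sodium_crypto_box_seal uses a throw-away sender key, so the host that
// encrypts holds nothing that can open the box afterwards.
function sealForRecipient(string $plaintext, string $recipientPublicKey): string
{
    return sodium_crypto_box_seal($plaintext, $recipientPublicKey);
}

// Scenario 3, the one the thread advises against: symmetric encrypt/decrypt on
// the same host. The key has to be readable by the application, so whoever
// gets the host gets ciphertext, code and key together.
function obfuscateLocally(string $plaintext, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return $nonce . sodium_crypto_secretbox($plaintext, $nonce, $key);
}

function deobfuscateLocally(string $blob, string $key): ?string
{
    $nonce  = substr($blob, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = substr($blob, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain  = sodium_crypto_secretbox_open($cipher, $nonce, $key);
    return $plain === false ? null : $plain;
}

// Demonstration with constructed values.
$hash = storeSecretHash('s3cret-token');
var_dump(verifySecret('s3cret-token', $hash)); // bool(true)
var_dump(verifySecret('wrong-token', $hash));  // bool(false)

// Keypair generated inline only so the example runs; in practice only
// $recipientPublic would ever exist on the web server.
$recipientKeypair = sodium_crypto_box_keypair();
$recipientPublic  = sodium_crypto_box_publickey($recipientKeypair);
$sealed = sealForRecipient('oauth-token-123', $recipientPublic);
// Opening needs the full keypair, which belongs on the other machine:
var_dump(sodium_crypto_box_seal_open($sealed, $recipientKeypair)); // "oauth-token-123"

// Scenario 3: the key lives next to the code, so it protects nothing against
// someone who already has the host.
$localKey = sodium_crypto_secretbox_keygen();
$blob = obfuscateLocally('oauth-token-123', $localKey);
var_dump(deobfuscateLocally($blob, $localKey)); // "oauth-token-123"
```

The practical check when reviewing an extension is the one Hannes states: ask where the decryption key has to live. If the answer is "on the same host as the code that reads the data", the storage is scenario 3 and should be replaced by hashing (scenario 1), by encrypting to a key held elsewhere (scenario 2), or, as the original poster ended up doing, by not storing the secret at all.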

Christian Hent

Jun 25, 2014, 4:45:35 AM
to joomla-...@googlegroups.com
Hannes,

this is true. Thank you for your explanation. In my case the sensitive data are just tokens and I will get them now via OAuth and not store them, which was a really bad idea. A bit more work, but more sensible.

Christian

