SymmetricEncryptedText by BitPoet

Store values of text fields in the database encrypted

SymmetricEncryptedText

ProcessWire module - symmetric encryption for text based fields

Status

Alpha, proof-of-concept

Requires

ProcessWire 3

Description

This module adds an encryption option to all text fields (and those derived from FieldtypeText).

Field contents are encrypted using a symmetric key when a page is saved and decrypted when loaded from the database.

The module by default uses sodium (if loaded) in PHP versions >= 7.2, otherwise it falls back to the bundled phpseclib.

Multi-Language fiels are supported too.

WARNING!

Setting a field to encrypted and saving values in those fields is a one-way road!

Once encrypted, the contents cannot be unencrypted without writing a program to do so. Disabling the encryption option on a field after the fact gets you encrypted "garbage".

Usage

  • Download the zipped module through the green button at the top right of the GitHub repo or from the official PW module repository
  • Extract in its own directory under site/modules.
  • In the backend, click "Modules" -> "Refresh", then install "Symmetric Encryption for Text Fields".
  • Go to module settings. An appropriately sized, random key will be generated if this is your first use.
  • Copy the supplied entry into site/config.php
  • Add fields or configure already present fields. On the "Details" tab you can enable encryption for the field in question
  • Edit a page with such a field, enter a value there, save and enjoy

Existing, unencrypted values are left untouched until a new value is saved. That way, you can do a smooth upgrade to encryption, but you have to save all pre-populated pages to have their values encrypted in the database. Thus it is recommended to avoid adding encryption to already populated fields.

Advanced Usage

You can hook after SymmetricEncryptedText::loadKey to retrieve your key from somewhere else, e.g. a different server.

License

See LICENSE file in the toplevel directory

Warning

Use at your own risk.

Install and use modules at your own risk. Always have a site and database backup before installing new modules.

Twitter updates

  • This week ProcessWire 3.0.214 is on the dev branch. Relative to 3.0.213 this version has 16 new commits which include the addition of 3 new pull requests, 6 issue fixes, a new WireNumberTools utility class, and various other improvements. More
    17 March 2023
  • ProcessWire 3.0.213 core updates: This week we’ll look at the new WireSitemapXML module, a new WireNumberTools core class, and a new ability for Fieldtype modules to specify useful ready-to-use configurations when creating new fields. More
    24 February 2023
  • ProcessWire 3.0.212 core updates— More
    17 February 2023

Latest news

  • ProcessWire Weekly #462
    In the 462nd issue of ProcessWire Weekly we'll cover the latest core updates, check out a new third party module called Template Access Log, and more. Read on!
    Weekly.pw / 18 March 2023
  • ProcessWire 3.0.213 core updates
    This week we’ll look at the new WireSitemapXML module, a new WireNumberTools core class, and a new ability for Fieldtype modules to specify useful ready-to-use configurations when creating new fields.
    Blog / 24 February 2023
  • Subscribe to weekly ProcessWire news

“We chose ProcessWire because of its excellent architecture, modular extensibility and the internal API. The CMS offers the necessary flexibility and performance for such a complex website like superbude.de. ProcessWire offers options that are only available for larger systems, such as Drupal, and allows a much slimmer development process.” —xport communication GmbH