SymmetricEncryptedText by bitpoet

Store values of text fields in the database encrypted

SymmetricEncryptedText

ProcessWire module - symmetric encryption for text based fields

Status

Alpha, proof-of-concept

Requires

ProcessWire 3

Description

This module adds an encryption option to all text fields (and those derived from FieldtypeText).

Field contents are encrypted using a symmetric key when a page is saved and decrypted when loaded from the database.

The module by default uses sodium (if loaded) in PHP versions >= 7.2, otherwise it falls back to the bundled phpseclib.

Multi-Language fiels are supported too.

WARNING!

Setting a field to encrypted and saving values in those fields is a one-way road!

Once encrypted, the contents cannot be unencrypted without writing a program to do so. Disabling the encryption option on a field after the fact gets you encrypted "garbage".

Usage

  • Download the zipped module through the green button at the top right of the GitHub repo or from the official PW module repository
  • Extract in its own directory under site/modules.
  • In the backend, click "Modules" -> "Refresh", then install "Symmetric Encryption for Text Fields".
  • Go to module settings. An appropriately sized, random key will be generated if this is your first use.
  • Copy the supplied entry into site/config.php
  • Add fields or configure already present fields. On the "Details" tab you can enable encryption for the field in question
  • Edit a page with such a field, enter a value there, save and enjoy

Existing, unencrypted values are left untouched until a new value is saved. That way, you can do a smooth upgrade to encryption, but you have to save all pre-populated pages to have their values encrypted in the database. Thus it is recommended to avoid adding encryption to already populated fields.

Advanced Usage

You can hook after SymmetricEncryptedText::loadKey to retrieve your key from somewhere else, e.g. a different server.

License

See LICENSE file in the toplevel directory

Warning

Use at your own risk.

Install and use modules at your own risk. Always have a site and database backup before installing new modules.

Twitter updates

  • ProcessWire 3.0.171 dev branch core updates – More
    22 January 2021
  • Preliminary 2021 roadmap in progress in this week’s update— More
    8 January 2021
  • Happy New Year! Today I’ve bumped the version on the dev branch to 3.0.170, and it’s quite a lot of updates. This post covers most of them. In this post, there’s also a question for you: what would you like to see in ProcessWire in 2021? More
    1 January 2021

Latest news

  • ProcessWire Weekly #350
    In the 350th issue of ProcessWire Weekly we'll check out ProcessWire 3.0.171, highlight some recent forum threads and other ProcessWire resources, and introduce a brand new site of the week. Read on!
    Weekly.pw / 23 January 2021
  • ProcessWire 3.0.170 core updates
    Happy New Year! Today I’ve bumped the version on the dev branch to 3.0.170, and it’s quite a lot of updates. This post covers most of them. In this post, there’s also a question for you: what would you like to see in ProcessWire in 2021?
    Blog / 1 January 2021
  • Subscribe to weekly ProcessWire news

“ProcessWire is like a breath of fresh air. So powerful yet simple to build with and customise, and web editors love it too.” —Margaret Chatwin, Web developer