Encryption

zzolo - August 8, 2009 - 03:50

Encrypt is a (two-way) encryption API module for Drupal.

Why Encrypt?

There is no native way to do (two-way) encryption in Drupal. There is also no standard way of performing encryption in PHP without extensions. The need does not come up often, but every once in a while you need to store passwords in a database and retrieve them without a user involved, and there are various other use cases (think about all those database dumps lying around). This module aims to make it easy for your module to keep data secured in an extensible way that does not inherently require any other dependencies.

Use

At its core, there are two functions:

<?php
// Encrypt data
$encrypted_text = encrypt('some string to encrypt');

// Decrypt data
decrypt($encrypted_text);
?>

Encryption Methods

There are currently three (3) encryption methods available by default.

  • None: No encryption, which is obviously not the preferred method.
  • Basic: A simple mathematical encryption method that does not require any PHP extensions.
  • Mcrypt AES 256: If Mcrypt is enabled, you can use this encryption method which is very secure.

A nice feature of this module is that the method of encryption is passed along with the encryption itself. This means that the default encryption method can change for the site, or developers can choose a specific method.

By default, keys are based on the hash that Drupal creates for each site: drupal_private_key.

Keys and Installation

It is highly recommended to put your key outside the webroot. Go to the administrative settings at Admin » Settings » Encrypt to set the path, and a key will be generated for you.

Implementing Your Own Encryption

All encryption methods are just implementations of hooks.

<?php
/**
 * Implementation of hook_encrypt_api().
 */
function encrypt_encrypt_api() {
  return array(
    'file' => drupal_get_path('module', 'encrypt') . '/includes/encrypt.encrypt.inc',
    'api version' => '1.0',
  );
}

/**
 * Implementation of encrypt_method_info().
 */
function encrypt_encrypt_method_info() {
  $methods = array();

  $methods['none'] = array(
    'title' => t('None'),
    'description' => t('This uses no encryption.  It is not suggested to use this.'),
    'callback' => 'encrypt_encrypt_none',
  );

  return $methods;
}

/**
 * Call back for Encrypt implementation: none
 */
function encrypt_encrypt_none($op = 'encrypt', $text = '', $key, $options = array()) {
  // Check op
  if ($op == 'decrypt') {
    // No encryption
    return $text;
  }
  else {
    // No encryption
    return $text;
  }
}
?>
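A custom method that follows the callback signature shown above, written as an added example rather than code from the Encrypt module: the module name mymodule, the method id mymodule_aes_gcm and the nonce/tag/ciphertext layout are hypothetical, and it assumes PHP 7.1 or later with the OpenSSL extension. Unlike the none callback, it authenticates the stored value, so a modified database row fails to decrypt instead of returning altered text.

```php
<?php
/**
 * Implementation of encrypt_method_info() for a hypothetical module "mymodule".
 */
function mymodule_encrypt_method_info() {
  $methods = array();
  $methods['mymodule_aes_gcm'] = array(
    'title' => t('AES-256-GCM (OpenSSL)'),
    'description' => t('Authenticated encryption; requires the OpenSSL extension.'),
    'callback' => 'mymodule_encrypt_aes_gcm',
  );
  return $methods;
}

/**
 * Callback for the hypothetical method; same argument order as encrypt_encrypt_none().
 */
function mymodule_encrypt_aes_gcm($op, $text, $key, $options = array()) {
  // Assumption: the key handed in is an arbitrary string, so hash it to 32 bytes.
  $k = hash('sha256', $key, TRUE);
  if ($op == 'decrypt') {
    $raw = base64_decode($text, TRUE);
    // Layout written below: 12-byte nonce, 16-byte tag, then ciphertext.
    if ($raw === FALSE || strlen($raw) < 28) {
      return FALSE;
    }
    $nonce = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct = (string) substr($raw, 28);
    // Returns FALSE when the key is wrong or the stored value was altered.
    return openssl_decrypt($ct, 'aes-256-gcm', $k, OPENSSL_RAW_DATA, $nonce, $tag);
  }
  $nonce = random_bytes(12); // Fresh nonce for every stored value.
  $tag = '';
  $ct = openssl_encrypt($text, 'aes-256-gcm', $k, OPENSSL_RAW_DATA, $nonce, $tag);
  return base64_encode($nonce . $tag . $ct);
}

// Constructed sample input, run outside Drupal (the info hook above is not called here).
$key = 'constructed-sample-key';
$stored = mymodule_encrypt_aes_gcm('encrypt', 'db password', $key);
var_dump(mymodule_encrypt_aes_gcm('decrypt', $stored, $key) === 'db password');
// Change one character inside the tag to show that tampering is rejected.
$stored[20] = ($stored[20] === 'A') ? 'B' : 'A';
var_dump(mymodule_encrypt_aes_gcm('decrypt', $stored, $key) === FALSE);
```

Callers should treat a FALSE return from the decrypt operation as a failure and not as an empty value.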

Similar Modules

Obfuscation versus Security

Note the difference between obfuscation [1] and security. It is important to understand how security is at work and where the points of failure are.

By default, this module uses a key that is stored in your database, while the main use of this module is to store encrypted data in the database. This is actually just an example of obfuscation: if the database itself is compromised, all the parts needed to retrieve that data are available, though retrieval is much more complicated once the data has been encrypted.

When you put your key outside the webroot, the encrypted text and the key are in two distinct parts of the system, which are much less likely to be compromised at the same time. It is still important to know that this module does not make your data completely secure. It just allows a level of security that Drupal does not inherently provide, and there are many levels that need to be thought about to have fully secure data.

Roadmap

Currently the module seems stable, but it is still pretty young and unused. The 1.x branch will stop getting features and a 2.x branch will be for new features and reworking the module.

Releases

Official releases | Date | Size | Links | Status
6.x-1.0 | 2009-Nov-22 | 14.08 KB | | Recommended for 6.x


 
 
