Hi all,

Consider the following scenario:
- System has some sensitive data stored in DB
- This sensitive data is encrypted using aes_encrypt, and then saved to DB
- aes key changes
- Sensitive data is gone :S

How about creating a hook_aes_key_change (better naming is welcome, this is just to explain the idea). This hook would provide both the old key, and the new key, and who this key belongs to. This would allow us to decrypt, and then re-encrypt the data with the new key. Thus avoiding losing the data.

Feedback?

CommentFileSizeAuthor
#14 interdiff-1415550-10-11.txt2.24 KBandriyun
#14 add_change_hook-1415550-11.patch4.79 KBandriyun
#11 add_change_hook-1415550-10.patch3.58 KBandriyun
#10 add_change_hook-1415550-9.patch3.58 KBandriyun
#8 add_change_hook-1415550-8.patch3.57 KBandriyun
#7 add_change_hook-1415550-7.patch3.31 KBandriyun
#6 add_change_hook-1415550-4.patch3.28 KBandriyun
#3 add_change_hook-1415550-3.patch2.72 KBandriyun
#2 add_change_hook-1415550-2.patch2.91 KBandriyun
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

dpovshed’s picture

dpovshed CreditAttribution: dpovshed commented
Version: 7.x-1.x-dev » 8.x-2.x-dev
Assigned: Unassigned » dpovshed
Issue summary: View changes
Parent issue: » #2228373: [meta] Port the AES module to Drupal 8

Will be implemented in 8.x

andriyun’s picture

andriyun CreditAttribution: andriyun commented
Status: Active » Needs review
FileSize
add_change_hook-1415550-2.patch2.91 KB

Patch for 7.x

andriyun’s picture

andriyun CreditAttribution: andriyun commented
FileSize
add_change_hook-1415550-3.patch2.72 KB
andriyun’s picture

andriyun CreditAttribution: andriyun commented
Issue tags: +SprintWeekend2015
andriyun’s picture

andriyun CreditAttribution: andriyun commented
Assigned: dpovshed » andriyun
andriyun’s picture

andriyun CreditAttribution: andriyun commented
FileSize
add_change_hook-1415550-4.patch3.28 KB
andriyun’s picture

andriyun CreditAttribution: andriyun commented
FileSize
add_change_hook-1415550-7.patch3.31 KB
andriyun’s picture

andriyun CreditAttribution: andriyun commented
FileSize
add_change_hook-1415550-8.patch3.57 KB
podarok’s picture

podarok
🇺🇦 he/him/his
Primary language Ukrainian
Location Ukraine
CreditAttribution: podarok commented
Status: Needs review » Needs work 
+++ b/aes.module
@@ -356,6 +360,19 @@ function aes_config_submit($form, &$form_state) {
+    // Calling custom hook_aes_config_change from each module which implement this hook.

please, make it fit coding standards for 80 symbols per line.
All other looks good.

andriyun’s picture

andriyun CreditAttribution: andriyun commented
Status: Needs work » Needs review
FileSize
add_change_hook-1415550-9.patch3.58 KB
andriyun’s picture

andriyun CreditAttribution: andriyun commented
FileSize
add_change_hook-1415550-10.patch3.58 KB
podarok’s picture

podarok
🇺🇦 he/him/his
Primary language Ukrainian
Location Ukraine
CreditAttribution: podarok commented
Assigned: andriyun » Unassigned
Status: Needs review » Reviewed & tested by the community
podarok’s picture

podarok
🇺🇦 he/him/his
Primary language Ukrainian
Location Ukraine
CreditAttribution: podarok commented
Status: Reviewed & tested by the community » Needs review 
+++ b/aes.module
@@ -356,6 +360,20 @@ function aes_config_submit($form, &$form_state) {
+       $function = $module . '_aes_config_change';

formatting please

andriyun’s picture

andriyun CreditAttribution: andriyun commented
FileSize
add_change_hook-1415550-11.patch4.79 KB
interdiff-1415550-10-11.txt2.24 KB

  • dpovshed committed b18cc8e on 7.x-1.x authored by andriyun 
    Issue #1415550 by andriyun: We need a hook_aes_key_change
dpovshed’s picture

dpovshed CreditAttribution: dpovshed commented

Functionality is implemented and committed for Drupal 7. Drupal 8 version is in progress.

andriyun’s picture

andriyun CreditAttribution: andriyun commented
Status: Needs review » Needs work