Hi all,

Consider the following scenario:
- System has some sensitive data stored in DB
- This sensitive data is encrypted using aes_encrypt, and then saved to DB
- aes key changes
- Sensitive data is gone :S

How about creating a hook_aes_key_change (better naming is welcome, this is just to explain the idea). This hook would provide both the old key, and the new key, and who this key belongs to. This would allow us to decrypt, and then re-encrypt the data with the new key. Thus avoiding losing the data.

Feedback?

CommentFileSizeAuthor
#14 interdiff-1415550-10-11.txt2.24 KBandriyun
#14 add_change_hook-1415550-11.patch4.79 KBandriyun
#11 add_change_hook-1415550-10.patch3.58 KBandriyun
#10 add_change_hook-1415550-9.patch3.58 KBandriyun
#8 add_change_hook-1415550-8.patch3.57 KBandriyun
#7 add_change_hook-1415550-7.patch3.31 KBandriyun
#6 add_change_hook-1415550-4.patch3.28 KBandriyun
#3 add_change_hook-1415550-3.patch2.72 KBandriyun
#2 add_change_hook-1415550-2.patch2.91 KBandriyun

Comments

dpovshed’s picture

dpovshed commented
Version: 7.x-1.x-dev » 8.x-2.x-dev
Assigned: Unassigned » dpovshed
Issue summary: View changes
Parent issue: » #2228373: [meta] Port the AES module to Drupal 8

Will be implemented in 8.x

andriyun’s picture

andriyun commented
Status: Active » Needs review
StatusFileSize
new add_change_hook-1415550-2.patch2.91 KB

Patch for 7.x

andriyun’s picture

andriyun commented
StatusFileSize
new add_change_hook-1415550-3.patch2.72 KB
andriyun’s picture

andriyun commented
Issue tags: +SprintWeekend2015
andriyun’s picture

andriyun commented
Assigned: dpovshed » andriyun
andriyun’s picture

andriyun commented
StatusFileSize
new add_change_hook-1415550-4.patch3.28 KB
andriyun’s picture

andriyun commented
StatusFileSize
new add_change_hook-1415550-7.patch3.31 KB
andriyun’s picture

andriyun commented
StatusFileSize
new add_change_hook-1415550-8.patch3.57 KB
podarok’s picture

podarok
🇺🇦 he/him/his
Primary language Ukrainian
Location Ukraine
commented
Status: Needs review » Needs work 
+++ b/aes.module
@@ -356,6 +360,19 @@ function aes_config_submit($form, &$form_state) {
+    // Calling custom hook_aes_config_change from each module which implement this hook.

please, make it fit coding standards for 80 symbols per line.
All other looks good.

andriyun’s picture

andriyun commented
Status: Needs work » Needs review
StatusFileSize
new add_change_hook-1415550-9.patch3.58 KB
andriyun’s picture

andriyun commented
StatusFileSize
new add_change_hook-1415550-10.patch3.58 KB
podarok’s picture

podarok
🇺🇦 he/him/his
Primary language Ukrainian
Location Ukraine
commented
Assigned: andriyun » Unassigned
Status: Needs review » Reviewed & tested by the community
podarok’s picture

podarok
🇺🇦 he/him/his
Primary language Ukrainian
Location Ukraine
commented
Status: Reviewed & tested by the community » Needs review 
+++ b/aes.module
@@ -356,6 +360,20 @@ function aes_config_submit($form, &$form_state) {
+       $function = $module . '_aes_config_change';

formatting please

andriyun’s picture

andriyun commented
StatusFileSize
new add_change_hook-1415550-11.patch4.79 KB
new interdiff-1415550-10-11.txt2.24 KB

  • dpovshed committed b18cc8e on 7.x-1.x authored by andriyun 
    Issue #1415550 by andriyun: We need a hook_aes_key_change
dpovshed’s picture

dpovshed commented

Functionality is implemented and committed for Drupal 7. Drupal 8 version is in progress.

andriyun’s picture

andriyun commented
Status: Needs review » Needs work