Encrypting fields on an entity [#1802552]

Hi,

Not sure if this is a bug report of feature request....

I'm trying to encrypt a field on a custom entity type. Using hook_form_alter, I have:

function redhen_mods_form_alter (&$form, &$form_state, $form_id) {
  switch ($form_id)  {
	 case 'redhen_contact_contact_form':	  
	    $form['field_ssn']['#encrypt'] = TRUE;
	    $form['field_ssn']['#weight'] = -100;
	  dpm($form);
	  break;
	}
}

This does change the weight and adds the encrypt property to the ssn field. See attached image. But nothing is ever encrypted. Looking in the database, I'm still seeing the fields in plain text.

I chatted with Greg on IRC briefly and he mentioned, he's never used it on an entity. Any chance it can be made to work with fields on custom entities?

Thanks,
Mickey

Comment	File	Size	Author
#6	encrypt.patch	3.31 KB	micnap
#6
	ssn.gif	23.48 KB	micnap

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

micnap CreditAttribution: micnap commented 3 October 2012 at 20:57

I should have also mentioned:

I did try both Mcrypt and Basic encryption with both File and Drupal Private Key.
I did check the weights of my modules and made sure encrypt was coming after my custom module.

If I have it set to Basic encryption, add an entity, and then go to edit it, I get this message logged a bunch of times before the page times out:

Warning: Division by zero in encrypt_encryption_methods_basic() (line 30 of /home/quickstart/websites/pacb.dev/sites/all/modules/encrypt/plugins/encryption_methods/default.inc).

Thanks,
Mickey

Comment #2

bmodesign CreditAttribution: bmodesign commented 19 March 2013 at 20:08

Hey Mickey,

Curious if you were able to get anywhere with encrypting a field on an entity?

I'm stuck too. I've been looking at how a module was written called Field Encrypt. They give a UI for settings added to fields, but for some reason the field data is moved to another table in the db, which I'm trying to avoid... I want a field to be encrypted every time it is saved, and decrypted when it is viewed, in its own field table in the database.

That Field Encrypt module hooks into 3 different functions. hook_field_storage_pre_insert() , hook_field_storage_pre_update() , hook_field_storage_pre_load()
It goes into field storage instead of hooking into a form. Which I'm learning is two separate things.

Do we need to start with those functions and within each call to the encryption module to encrypt or decrypt using this API?

Thanks,
Barrett

Comment #3

micnap CreditAttribution: micnap commented 19 March 2013 at 21:02

I ended up having to do 3 things to get it working:

1. Hacked encrypt/modules/encryptfapi/encryptfapi.module to work for my specific case and save the patch so I can update and reapply if updates still don't support fields.
2. Create a field formatter that called the decrypt function so I could display the field unencrypted on the entity detail page.
3. Then because I needed to be able to search on the encrypted field, I had to alter the query with hook_views_query_alter.

It's not pretty but it works. Let me know if you want to see code.

Mickey

Comment #4

bmodesign CreditAttribution: bmodesign commented 26 March 2013 at 15:26

Mickey,

Still banging my head against the wall on this. Code would be much appreciated.
I didn't even think about the hook_views_query_alter and that's an enormous part of this too. Not just viewing on a node.

Barrett

Comment #5

micnap CreditAttribution: micnap commented 23 April 2013 at 18:38

Hi Barrett,

Sorry for the delay. Here is what I used. Like I said, it is a hack.

In MYMODULE.module:

1. Using hook_form_alter, add $form['field_MYFIELD]['#encrypt'] = TRUE; on your form element.
2. Add a field formatter:

function MYMODULE_field_formatter_info() {
  return array(
    // Machine name of the formatter.
    'MYMODULE_decrypt_ssn' => array(
      // Label for the administrative UI.
      'label' => t('Decrypt'),
      // Field types it supports.
      'field types' => array('text'),
    ),
  );
}

function MYMODULE_field_formatter_view($entity_type, $entity, $field, $instance, $langcode, $items, $display) {
  //Load the file for the decrypt function
  module_load_include('module', 'encrypt');
  
  $output = array();
  // Verify the formatter type.
  if ($display['type'] == 'MYMODULE_decrypt_ssn') {
    // Handle multi-valued fields.
    foreach ($items as $delta => $item) {
      // See which option was selected.
      $output[$delta] = array(
        '#markup' => decrypt($item['value'], array('base64' => 
TRUE)),
      );
    }
  }
  return $output;
}

3. I had a view with a combined exposed filter that I needed to be able to search on so I had to alter the view query. This code lives in a MYMODULE.views.inc file:

function MYMODULE_views_query_alter(&$view, &$query) {
  // (Example assuming a view with an combined exposed filter containing ssn field.)
  // If the input for combined filter is numeric and the ssn field exists in the view,
  // encrypt the ssn before searching the database.
  if (isset($view->exposed_raw_input['combine']) && is_numeric($view->exposed_raw_input['combine'])) {
    dsm($query);  
    // Traverse through the 'where' part of the query.
    foreach ($query->where as &$condition_group) {
      foreach ($condition_group['conditions'] as &$condition) {
         //If this is the part of the query filtering on the combined fields and ssn is one of the combined fields, change the condition to filter on the encrypted ssn.
        if (strpos($condition['field'], 'CONCAT_WS') !== false && strpos($condition['field'], 'field_ssn_value') !== false) {
          $condition = array(
            'field' => $condition['field'], 
            'value' => array(':views_combine' => '%' . encrypt($view->exposed_raw_input['combine'], array('base64' => TRUE)) . '%'), 
            'operator' => 'formula',
          );
        }
      }
    }
  }
}

4. And then I added the attached patch to the encrypt module.

Hope this helps.

Mickey

Comment #6

micnap CreditAttribution: micnap commented 23 April 2013 at 18:41

File	Size
encrypt.patch	3.31 KB

Duh. The patch.

Comment #7

bmodesign CreditAttribution: bmodesign commented 12 June 2013 at 21:13

Thanks for sharing your code Mickey!
I'm in the middle of troubleshooting my install.

I have the default encryption options selected while I troubleshoot. My module uses hook_form_alter just like it should.
I'm seeing the #encrypt = TRUE variable through devel. But the saved value in the db is still plain text for that variable. I'm on a mac, MAMP install... could it be because I'm not on a live server? that's my next step for testing...

I'm tempted to use basic encrypt / decrypt functions using hooks available in the Field API... and not use encryptfapi.module
I'll report back with progress.
Barrett

Comment #8

greggles

he/him

English

Denver, Colorado, USA

CreditAttribution: greggles commented 5 June 2014 at 16:25

Version:	7.x-2.0-beta3	» 7.x-2.x-dev
Issue summary:	View changes

I guess this is relevant in dev too.

Comment #9

rlhawk

English

Seattle, Washington, United States

CreditAttribution: rlhawk commented 18 August 2014 at 01:07

Project:	Encrypt	» Encrypt Form API
Version:	7.x-2.x-dev	»

Moved to Encrypt FAPI module.

Comment #10

rlhawk

English

Seattle, Washington, United States

CreditAttribution: rlhawk commented 9 April 2015 at 18:32

Version:

» 7.x-2.x-dev

The Encrypt Form API module has been rewritten, so I'm not sure if this issue is still applicable. The #encrypt property should work with any form, including forms for custom entities.

One thing I noticed, looking at the screen capture in the original post, is that #encrypt was being applied to a container field element, which won't work. The property needs to be attached to a supported element, such as textfield, checkboxes, radios, etc.