How can I have personal / confidential data submitted to a webform automatically AES encrypted when it gets stored to the database and decrypted when it gets viewed in results or CSV download?

I am trying to do this because the business has a policy that all personal data stored in the DB be encrypted in case the DB gets compromised somehow...

Any ideas?

Comments

quicksketch’s picture

This currently is not possible with webform. Though it sounds interesting I doubt the level of demand for such a feature. I'd have to review any potential patches for such a feature before supporting it in the module.

rdonalds’s picture

I would also need this, it is something I have been searching for and would truly enable Drupal sites safe storage of form data.

brakzilla’s picture

Thanks for the response, that is reasonable.

As a workaround, I've tried to implement your method described here: http://drupal.org/node/239493 to delete results from the DB, but still allow continued use of the module. This will allow the business to still get email results, but not store data in the DB. However, I have implemented this PHP code on the confirmation page (making sure that I'm using PHP input method) and the submissions are not being deleted. There is no warning message being given either. What do you think is going on?

quicksketch’s picture

Category: support » feature

Just moving to feature request.

akucharski’s picture

Version: 5.x-1.9 » 6.x-2.x-dev

We would like to see if we can help develop this... Has there been any more interest for the encryption feature?

quicksketch’s picture

Version: 6.x-2.x-dev »

Moving to the 3.x version, no new features are being added to 2.x. There has been no work on this feature; if there had been work it would be documented here.

In the 3.x version, we now have much better APIs, including submission hooks that would allow submissions to be modified before they are saved or after they have been loaded. This means that (at least in theory), submissions could be encrypted on presave and then decrypted on load. However there would need to be some kind of way to actually enter the encryption password somewhere to "unlock" the encryption. Since storing the password in the database is not safe (since then the data could be decrypted), we'd need to store this password somewhere else, perhaps the user's cookie, though that's not real secure either. But at least this would make it difficult to combine the two, since the user's cookie is stored in the browser, independent from the server if it were to be compromised.

I'm not planning on working on this functionality, just dumping my ideas out there in case someone is interested in giving this a shot.
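
The presave/load approach sketched in the comment above, as an added example that is not part of the thread or of Webform's code: plain PHP with hypothetical function names, a key read from an assumed environment variable `WEBFORM_ENC_KEY` rather than the database, and AES-256-GCM from PHP's OpenSSL extension. It goes one step beyond the comment by binding each ciphertext to its field through a context string, so a value copied into another field's row fails to decrypt.

```php
<?php
// Added example: function names and the key source are hypothetical.

// Load a 32-byte key kept outside the database (assumed here: base64 in an
// environment variable; a file outside the webroot works the same way).
function example_load_key(): string {
  $key = base64_decode((string) getenv('WEBFORM_ENC_KEY'), true);
  if ($key === false || strlen($key) !== 32) {
    throw new RuntimeException('Missing or malformed encryption key');
  }
  return $key;
}

// Presave side: encrypt one field value. $context (e.g. "nid:12/cid:3") is
// authenticated as AAD, so a ciphertext moved to another field is rejected.
function example_encrypt_value(string $plain, string $key, string $context): string {
  $iv = random_bytes(12);  // fresh 96-bit nonce per value
  $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, $context);
  if ($ct === false) {
    throw new RuntimeException('Encryption failed');
  }
  return base64_encode($iv . $tag . $ct);  // nonce (12) | tag (16) | ciphertext
}

// Load side: decrypt a stored value, failing closed on any mismatch.
function example_decrypt_value(string $stored, string $key, string $context): string {
  $raw = base64_decode($stored, true);
  if ($raw === false || strlen($raw) < 28) {
    throw new RuntimeException('Malformed ciphertext');
  }
  $plain = openssl_decrypt((string) substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
    substr($raw, 0, 12), substr($raw, 12, 16), $context);
  if ($plain === false) {
    throw new RuntimeException('Wrong key, wrong context or tampered data');
  }
  return $plain;
}

// Constructed demo values; the key is generated inline only so this runs stand-alone.
putenv('WEBFORM_ENC_KEY=' . base64_encode(random_bytes(32)));
$key = example_load_key();
$stored = example_encrypt_value('jane@example.com', $key, 'nid:12/cid:3');
var_dump(example_decrypt_value($stored, $key, 'nid:12/cid:3') === 'jane@example.com');
try {
  example_decrypt_value($stored, $key, 'nid:12/cid:4');  // same row copied to another field
} catch (RuntimeException $e) {
  echo 'rejected: ', $e->getMessage(), "\n";
}
```

Because the key lives in the web server's environment, this protects against a leaked database or backup, not against a compromise of the server that holds both.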

akucharski’s picture

thanks for the update - this helps

giorgio79’s picture

Version: » 6.x-3.x-dev
Status: Active » Fixed

I believe this fixes it for you guys:
http://drupal.org/project/encrypt

I guess we can set it as fixed as well.

quicksketch’s picture

Status: Fixed » Active

It would be nice if that module solved the problem, but all it does is provide a mechanism for encryption. Installing it doesn't encrypt anything at all, the module storing the data is still responsible for encrypting/decrypting the information on storage and retrieval. While encrypt module might be useful for Webform's implementation, alone it doesn't accomplish the desired task.

snorkers’s picture

There's also a client side encryption module at http://drupal.org/project/cse... but it is proving difficult to leverage for encrypting Webform submissions.

I like the idea of storing the key outside the webroot (as recommended by Encrypt), but I can think of requiring multiple keys needed for each Drupal site - a pair generated for each webform node created.

new_B’s picture

subscribe

quicksketch’s picture

A project was released not too long ago that I just became aware of that might help with this need: http://drupal.org/project/webform_encrypt

Though encryption is per-component. Still an interesting option.

Alan D.’s picture

@quicksketch What are your thoughts on the webform_encrypt project?

We have a client coming back to us after getting a third party developer to work on the site and they overrode a hacked webform with an encrypted field component and added this project in its place. From first look at the code from webform_encrypt, it doesn't appear possible to integrate 100% with webform, rather a solution similar to #335833: Credit Card Number Component is better.

I have a sandbox version at http://drupal.org/sandbox/aland/1489666 based on the encrypt project (for D6)

Currently, over 80% of the functionality of webform_encrypt doesn't work on the latest dev version with our current webform setup. Data is entered and encrypted, but view / edit / table / etc are all broken (thus little faith in this project).

ydahi’s picture

I would like to open this topic back up for discussion.

I am currently using Webform Encrypt - it does encrypt/decrypt properly, after patching as listed here: https://drupal.org/node/1306314

There are still some rough edges, however it is very promising... if anyone is looking for AES256 encryption in their forms.

Edit: webform 3.x is what I'm using

DanChadwick’s picture

Issue summary: View changes
Status: Active » Closed (won't fix)

The 6.x branch is receiving critical bug fixes only.

mester9’s picture

@ydahi, did you get it to work with encrypted webform submissions? I am looking for a solution like this myself.

plirof2’s picture

@mester9
You could try my module: webform_pki_encrypt (https://www.drupal.org/sandbox/plirof2/2980651)
It creates a set of public/private keys per webform and it encrypts the fields you set as personal/private, leaving the others unencrypted.

Note: you must store your private key somewhere safe. If you lose it there is no way to get your data back.
I have made many modification additions to this module but haven't had the time to clean the code and upload it to drupal. Probably you will be ok with the drupal.org module.