cleverage / encryption-bundle
The EncryptionBundle allows you to store encrypted files and data in Doctrine's entity in a very simple way
Installs: 959
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 2
Forks: 4
Type:symfony-bundle
Requires
- php: ^7.4
- ext-mbstring: *
- doctrine/doctrine-bundle: *
- doctrine/orm: *
- php-parallel-lint/php-var-dump-check: ^0.5.0
- symfony/framework-bundle: ^4.4|^5.1
- symfony/monolog-bundle: ^3.6
- symfony/security: ^4.4|^5.1
- symfony/string: ^5.2
Requires (Dev)
- phpseclib/mcrypt_compat: ^1.0
- phpunit/phpunit: ^9.4
- symfony/stopwatch: ^4.4|^5.1
Suggests
- ext-mcrypt: Don't use this except for backward compatibility purpose
- ext-sodium: The Sodium library is native in PHP 7.2
- paragonie/sodium_compat: Use this for a Sodium polyfill
- phpseclib/mcrypt_compat: If you need backward compatibility but don't want to compile the extension
Conflicts
README
Easy entity and file encryption for Symfony.
We wanted to be able to store encrypted data in our Symfony2 applications and we realized that there were no simple way to do it.
In our solution, a malicious user will have a really hard time to steal data from our server.
- The data will not be compromised by an SQL Injection or by a remote include attack.
- If no end users are connected, no one can decrypt the data, not even the root user.
- Only users from the same organization can share data between each other.
The idea is to store the cipher key inside the database in the user table but encrypted with the user's plaintext password. This way each user from the same organization can share the same cipher key to encrypt and decrypt data but each user can only decrypt it's own encrypted key at login time.
The main weakness of this system is that the cipher key is stored temporarly in PHP's session, however, the only way to overcome this problem would be to use a pretty complex asymmetric encryption system between the client and the server which could only be done properly using a rich client.
Installation
composer require cleverage/encryption-bundle
Usage
use Doctrine\ORM\Mapping as ORM; class MyEntity { /** * @ORM\Column(type="encrypt_string") */ private string $myField; /** * @ORM\Column(type="encrypt_text") */ private string $myFieldText; }
Helpers
This bundle comes with an EncryptionManager class which can be used in standalone to encrypt and decrypt data and files. There's also a DecryptFileResponse which allows you to directly stream an encrypted file to the client while deciphering it.
Installation
You just require the package sidus/encryption-bundle either directly in your composer.json or by command line :
$ composer require sidus/encryption-bundle ~0.1.0
Update your AppKernel.php
public function registerBundles()
{
$bundles = array(
...
new Sidus\EncryptionBundle\SidusEncryptionBundle(),
);
...
}
Implements the interfaces
You should implements the UserEncryptionProviderInterface on your user entity and the CryptableInterface on each entity that will contains encrypted data.
Don't forget to update the model, the encryptedCipherKey must be persisted to the database !
Configuration
If you need to share encrypted data between users you need to generate each encrypted cipher key with the same cipher key which can prove to be tricky, especially if users already have accounts and passwords.
If each user encrypts it's own data however, you can just use the automatic encryption key generation in your config.yml:
sidus_encryption: encryption_key: auto_generate: false throw_exceptions: true # Do not throw an exception when an error occurred when decrypting a value
This will tell the system to automatically generate a new encryption key if the user doesn't have any.
In case of password recovery, the user won't be able to retrieve any of the encrypted data because he would be the only one able to decrypt the cipher key.
Disable Encryption
The encryption can be temporary disabled on an encrypted type (in a command for example). This can be achieved using
the Sidus\EncryptionBundle\Encryption\Enabler\EncryptionEnablerInterface service:
// ... $encryptionEnabler->disableEncryption(); // Starting from here, data will not be decrypted $encryptionManager->decryptString($value); // The value will not be decrypted $encryptionManager->encryptString($value); // The value will not be encrypted and store as is $encryptionEnabler->enableEncryption(); // Now the encryption is re-enabled and works normally
Apache License
@todo
Authors
The bundle was originally created by Vincent Chalnot.