I thought I would put this out to the community in case someone finds it useful.

I have built and use a Drupal 5 module that performs "Client Side Encryption". This allows encryption/decryption of content or parts of content solely within the browser. Neither the network nor any server PHP code gets to see any plaintext content it shouldn't, nor are the pass phrases passed back to Drupal. All the encryption/decryption work takes place in the browser with JavaScript.

When editing a node, the module provides a small sandbox within the node edit form to allow the insertion of encrypted text. On a page with encrypted text a textfield is available where a pass phrase can be entered to perform the decryption.

The encryption algorithm used is 128-bit AES. Clearly, as most of the work is done in JavaScript (client side), it is only as secure as the browser/client machine. It was developed on the Firefox/Mozilla browser, but I have also checked it works OK on IE7 and Opera 9. I would not use it on IE6 (although I have not tried it there). For more information and a small demo, see the download site.

The module is available for perusal/download at equivocation.org/cse.
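
The browser-only flow described in the post above, as an added example that is not the module's code and not part of the original post. It assumes the modern Web Crypto API, PBKDF2-SHA-256 key derivation and AES-GCM mode, none of which the post specifies; the function names, iteration count and blob layout are hypothetical.

```javascript
// Added example: pass-phrase-based AES-128 encryption done entirely on the client.
// Assumed (not from the module): Web Crypto, PBKDF2-SHA-256, AES-GCM, blob layout.
const PBKDF2_ITERATIONS = 200000; // assumed work factor

async function getCrypto() {
  // Browsers and recent Node expose globalThis.crypto; older Node needs the import.
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

async function deriveKey(c, passphrase, salt) {
  const material = await c.subtle.importKey(
    'raw', new TextEncoder().encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  // Stretch the pass phrase into a non-extractable 128-bit AES key.
  return c.subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations: PBKDF2_ITERATIONS, hash: 'SHA-256' },
    material, { name: 'AES-GCM', length: 128 }, false, ['encrypt', 'decrypt']);
}

// Returns base64(salt | iv | ciphertext+tag); only this blob is sent to the server.
async function encryptText(passphrase, plaintext) {
  const c = await getCrypto();
  const salt = c.getRandomValues(new Uint8Array(16));
  const iv = c.getRandomValues(new Uint8Array(12)); // fresh nonce per message
  const key = await deriveKey(c, passphrase, salt);
  const ct = new Uint8Array(await c.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext)));
  const packed = new Uint8Array([...salt, ...iv, ...ct]);
  return btoa(Array.from(packed, (b) => String.fromCharCode(b)).join(''));
}

// Returns the plaintext, or null when the pass phrase is wrong or the blob was altered.
async function decryptText(passphrase, encoded) {
  const c = await getCrypto();
  const packed = Uint8Array.from(atob(encoded), (ch) => ch.charCodeAt(0));
  const salt = packed.slice(0, 16);
  const iv = packed.slice(16, 28);
  const ct = packed.slice(28);
  const key = await deriveKey(c, passphrase, salt);
  try {
    const pt = await c.subtle.decrypt({ name: 'AES-GCM', iv }, key, ct);
    return new TextDecoder().decode(pt);
  } catch {
    return null; // GCM authentication tag did not verify
  }
}
```

Because GCM authenticates the ciphertext, a wrong pass phrase yields `null` rather than garbage, so the page can leave the encrypted form in place instead of rendering corrupted text.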


Devis’s picture

Very nice, anaru. It surely has many applications: IP, statistics, etc., without logging in.
Is there a way to "forget" the password?
It could also be used in a block, to hide/show some text, and combining it with AJAX many other things could be done... very interesting!

anaru’s picture

"Forgetting" the password (both in the cookie and reverting any decryption) is not implemented yet, it is something on my list to do. One of my main aims is to minimise the impact/appearance on the page and I was reluctant to introduce another clickable object.
There are lots of AJAX possibilities; one I was considering implementing was an audit log, adding the possibility of recording when and how often components were being decrypted.

ljet’s picture

Can I use that module in Drupal ver. 4.6.3?
I need to encrypt some source code which was written in a page using PHP script.

anaru’s picture

Unfortunately not; the actual Drupal module is only designed to work in Drupal 5. However, the module PHP is a very small part of the whole module - most of the work is in the JavaScript, so it shouldn't be very hard to change the PHP to build your own 4.6 module.

anaru’s picture

I have published a new version (v1.2 - still available on equivocation.org/cse). It adds the above requested feature - the ability to revert to encrypted form and forget the password. It also tidies up some of the interface in the edit forms.

anaru’s picture

This project has moved to drupal.org/project/cse. It is also now available for both Drupal 5 and 6.