Hi all,

Consider the following scenario:
- System has some sensitive data stored in DB
- This sensitive data is encrypted using aes_encrypt, and then saved to DB
- aes key changes
- Sensitive data is gone :S

How about creating a hook_aes_key_change (better naming is welcome, this is just to explain the idea). This hook would provide both the old key, and the new key, and who this key belongs to. This would allow us to decrypt, and then re-encrypt the data with the new key. Thus avoiding losing the data.

Feedback?

Comments

dpovshed’s picture

Version:7.x-1.x-dev» 8.x-2.x-dev
Assigned:Unassigned» dpovshed
Issue summary:View changes
Parent issue:» #2228373: [meta] Port the AES module to Drupal 8

Will be implemented in 8.x

andriyun’s picture

Status:Active» Needs review
StatusFileSize
new2.91 KB

Patch for 7.x

andriyun’s picture

StatusFileSize
new2.72 KB
andriyun’s picture

Issue tags:+SprintWeekend2015
andriyun’s picture

Assigned:dpovshed» andriyun
andriyun’s picture

StatusFileSize
new3.28 KB
andriyun’s picture

StatusFileSize
new3.31 KB
andriyun’s picture

StatusFileSize
new3.57 KB
podarok’s picture

Status:Needs review» Needs work
+++ b/aes.module
@@ -356,6 +360,19 @@ function aes_config_submit($form, &$form_state) {
+    // Calling custom hook_aes_config_change from each module which implement this hook.

please, make it fit coding standards for 80 symbols per line.
All other looks good.

andriyun’s picture

Status:Needs work» Needs review
StatusFileSize
new3.58 KB
andriyun’s picture

StatusFileSize
new3.58 KB
podarok’s picture

Assigned:andriyun» Unassigned
Status:Needs review» Reviewed & tested by the community
podarok’s picture

Status:Reviewed & tested by the community» Needs review
+++ b/aes.module
@@ -356,6 +360,20 @@ function aes_config_submit($form, &$form_state) {
+       $function = $module . '_aes_config_change';

formatting please

andriyun’s picture

StatusFileSize
new4.79 KB
new2.24 KB

  • dpovshed committed b18cc8e on 7.x-1.x authored by andriyun
    Issue #1415550 by andriyun: We need a hook_aes_key_change
    
dpovshed’s picture

Functionality is implemented and committed for Drupal 7. Drupal 8 version is in progress.

andriyun’s picture

Status:Needs review» Needs work