Hi,

Because the AES module is not anymore secure and should not be used, is it possible to use Real AES module with Backup and Migrate?

Comments

jukka792 created an issue.

ñull’s picture

According to README instructions Real AES and its own aes sub-module is supposed to be only working with one specific (hash) version of a library on GitHub, not compatible with release versions of that library. Awkward!

I tried to follow the instructions but end up in a mysterious "FATAL ERROR: Uncaught crypto exception. Suppressing output. " So in reality Backup and Migrate is in need of an encryption feature now.

ñull’s picture

I was wrong. There are three problems with the aes module's migration instructions though:

  • The old eas module should be deleted after disabling, because the new aes module carries exactly the same name and Drupal cannot distinguish between the two. To avoid confusion deleting the old module is the best option.
  • You should take not that the openssl creates a key with size in bytes while the key module configuration works with size in bits. The instructions should tell you to create a key of 16 bytes which is 128 bits key size.
  • There is a key size limit. Too large will cause a fatal error without further explanation. Keep it to 128 (tested) or may be 256 bits

With real_eas you should take care to use the link in the README file to download the correct library and to store it in the folder sites/all/libraries/php-encryption ; release versions won't work.

couturier’s picture

Most of the development work is happening with the port to D8 now. If this is something you feel would be valuable for the D8 version of Backup and Migrate, I would encourage you to switch the version to the 8.x branch and/or contribute to the discussion at Backup and Migrate Roadmap.