Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
To implement a zero-knowledge system, it would be great if this module could support client-side encryption.
There's a JavaScript framework for this called Crypton that supports this. Perhaps we could take advantage of it?
This was originally discussed on Drupal Answers.
Comments
Comment #2
colanMoving to a better queue...
Comment #3
gregglesHere's my understanding of the proposed solution: encryption happens on the browser side by adding a js library and encrypting the field before sending it to the server. Server-side it's just a single string of text to store.
If that's the case, I feel like it mostly deserves to be its own module separate from the encrypt module. At least so far, the encrypt module is focused on key management and keeping track of what encryption method was used on which string and then being able to get the right key and use the right settings to decrypt a string. The encrypt.module doesn't add any javascript nor does it store encrypted data - it's just an api with UI for configuring the API.
Comment #4
colanYes, that's how I see it as well. I was just wondering if the maintainers thought it would be worthwhile to include both types of encryption (server and client) in the same module. We could have one encryption module to rule them all, so to speak.
If we want to keep these implementations separate, I suppose we could have a new module named "Client-Side Encryption", and then rename this one to "Server-Side Encryption" or some such. It would help reduce confusion.
Comment #5
gregglesIf you're open to maintaining it inside this project I could see adding it here. I'm just not sure there's much overlap beyond the name.
Not sure what the other encrypt maintainers think - perhaps they can add their thoughts.
Comment #6
rlhawkI'm all for having as many ways to encrypt and decrypt data as possible, so adding client-side functionality sounds great to me. If it's possible to integrate the client-side options to the Encrypt API, without providing a specific encryption method, we should include the integration. A separate, contributed module could then provide support for Crypton as an encryption method.
Comment #7
ksevta CreditAttribution: ksevta as a volunteer commentedThis requirement can be fulfill with password-based public-key encryption which uses ownCloud’s Data Encryption 2.0 Model. There is a advance security method available which enables client-side encryption so i think we can use this.
Comment #8
colan@ksevta: Actually, no. That's my GSOC idea there, and it's server-side as the encryption/decryption is done on the server. For a method to be client-side, the data must be encrypted on the client, before it gets to the server. So the server never sees any unencrypted data.
But maybe we could propose this as a project idea for next year's GSOC?
Comment #9
colanDone! Please help me add details at https://groups.drupal.org/node/515848#project1.
Comment #10
colanOne issue that the students brought up is which credential to use. I don't believe we can use the user's login password like we did in Pubkey Encrypt because we don't want to trust the server, and the user's password gets sent there.
Some options:
Maybe we could provide a plug-in system with whichever (or more) options? I'd like to see at least one of the above in whichever module/solution we produce.
Thoughts and ideas welcome, and please correct me if I'm missing anything.
Comment #11
marncz CreditAttribution: marncz commented@colan you concern being that passwords are hashed server side? and server would know passwords in plaintext?
One possibility is for users to create another passcode / password when registering that would encrypt RSA's private key with symmetric AES-256. Keys generation would happen client side (both RSA pair and AES encryption) so server would know the passwords used for encryption at all.
Another security mechanism would be "scrambling" keys array for each encrypted data => working on hashes will decrease assigning of user => key by an attacker.
For better security password may be entered every time that encrypted data is accessed (JavaScript prompt), this way the passhprase is not stored on the client (e.g. localStorage, cookies). That would also decrease harm of possible mitm / code injection attacks. May use another auth mechanism already existing in Drupal, I think that's a good idea to keep user passwords and encryption passwords separate.
On security of web client-side encryption: http://www.cs.tufts.edu/comp/116/archive/fall2015/mseltzer.pdf
Can share my design document upon request.
Comment #12
colanI've got a wrap-up of this year's related GSOC projects over at Client-side encryption options now available in Drupal, but the short version is that we now have two contrib modules that support this: