Extension:PageEncryption

PageEncryption | Release status: stable
---|---
Implementation | Hook, Special page
Description | Page-level symmetric and asymmetric encryption in a dedicated namespace, completed with disposable access codes and access management
Author(s) | thomas-topway-it (talk)
Latest version | 1.2 (2024-08-19)
Compatibility policy | Master maintains backward compatibility.
MediaWiki | 1.35+
License | GNU General Public License 2.0 or later
Quarterly downloads | 2 (Ranked 138th)
PageEncryption implements page-level symmetric and asymmetric encryption based on Sodium and the Defuse php-encryption library. It includes a special page by which to manage asymmetric keys or disposable access keys to grant registered or external users access to encrypted articles, and it works with WikiEditor in a transparent way (with VisualEditor it is not yet guaranteed to work, see the #Known issues section) within the Encrypted: namespace.
Key features
- encrypts/decrypts articles transparently (in the dedicated namespace)
- supports both symmetric and asymmetric encryption
- provides disposable access URLs to let external users access encrypted articles once
- user-friendly interface
Installation
- Download and place the file(s) in a directory called PageEncryption in your extensions/ folder.
- Add the following code at the bottom of your LocalSettings.php:

    // place after the registration of other extensions!
    wfLoadExtension( 'PageEncryption' );

- Run php maintenance/update.php (this will create the necessary database tables that this extension needs).
- Run composer update --no-dev in the extension's folder, to install the required PHP libraries.
- Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
How it works
PageEncryption provides an encrypted namespace (Encrypted:) where authorized users (users with the right pageencryption-can-manage-encryption) can create/edit protected articles.
The extension works in a transparent way: it first requires you to set a global password, used to create the necessary keys stored on the server, and then sets a cookie with the user-key by which the articles in the relevant namespace are encrypted/decrypted.
The password and the user-key are never stored on the server, and the symmetric and asymmetric keys can only be used in conjunction with the user-key, so there is no way for system administrators to access your confidential articles/data (unless the extension itself has been tampered with before you set the key). To learn more about how it works, see Encrypting account data with the user's login password and Modern PHP data Encryption/Decryption with Sodium extension.
PageEncryption is therefore an optimal solution when you agree with the system administrators (or the wiki is self-hosted) to take all possible measures to protect your data, and you want to safeguard it from possible attackers.
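The key-protection scheme described above, as an added example written for this page (it is not the extension's code; the function names, the record fields and the cookie handling are this example's own assumptions): the password is only used at setup and login, a key derived from it with Argon2id becomes the user-key kept in the browser cookie, and the server stores nothing but the article key wrapped under that user-key. It requires PHP 7.2+ with the Sodium extension.

```php
<?php
// Added example for this page, not the PageEncryption extension's own code.
// Names (deriveUserKey, createProtectedKey, the record fields) are assumptions.
// Requires PHP >= 7.2 with ext-sodium.
declare(strict_types=1);

/** Derive the user-key from the PageEncryption password with Argon2id. Never stored. */
function deriveUserKey(string $password, string $salt): string
{
    return sodium_crypto_pwhash(
        SODIUM_CRYPTO_SECRETBOX_KEYBYTES,          // 32-byte key usable by secretbox
        $password,
        $salt,                                     // SODIUM_CRYPTO_PWHASH_SALTBYTES (16) bytes
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13
    );
}

/**
 * First-time setup ("set a global password"): generate the article key and
 * keep it on the server only in wrapped form. Returns the server record and
 * the base64 user-key that goes into the browser cookie.
 */
function createProtectedKey(string $password): array
{
    $salt       = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
    $userKey    = deriveUserKey($password, $salt);
    $articleKey = sodium_crypto_secretbox_keygen();
    $nonce      = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);

    $serverRecord = [                 // everything the database gets to see
        'salt'        => $salt,
        'nonce'       => $nonce,
        'wrapped_key' => sodium_crypto_secretbox($articleKey, $nonce, $userKey),
    ];
    sodium_memzero($articleKey);
    $cookie = sodium_bin2base64($userKey, SODIUM_BASE64_VARIANT_ORIGINAL);
    sodium_memzero($userKey);
    return [$serverRecord, $cookie];
}

/** Later login: re-derive the cookie value from the password and the stored salt. */
function loginUserKey(string $password, array $serverRecord): string
{
    return sodium_bin2base64(deriveUserKey($password, $serverRecord['salt']), SODIUM_BASE64_VARIANT_ORIGINAL);
}

/** Unwrap the article key with the user-key taken from the cookie. */
function unwrapArticleKey(array $serverRecord, string $cookie): string
{
    $userKey = sodium_base642bin($cookie, SODIUM_BASE64_VARIANT_ORIGINAL);
    $key = sodium_crypto_secretbox_open($serverRecord['wrapped_key'], $serverRecord['nonce'], $userKey);
    if ($key === false) {
        throw new RuntimeException('wrong user-key or tampered key record');
    }
    return $key;
}

/** Encrypt article wikitext; the nonce is stored in front of the ciphertext. */
function encryptArticle(string $wikitext, string $articleKey): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return sodium_bin2base64($nonce . sodium_crypto_secretbox($wikitext, $nonce, $articleKey),
                             SODIUM_BASE64_VARIANT_ORIGINAL);
}

function decryptArticle(string $stored, string $articleKey): string
{
    $raw   = sodium_base642bin($stored, SODIUM_BASE64_VARIANT_ORIGINAL);
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $articleKey);
    if ($plain === false) {
        throw new RuntimeException('article ciphertext does not verify');
    }
    return $plain;
}

// --- walk-through with constructed values ---
$password = 'correct horse battery staple';                       // constructed
[$record, $cookie] = createProtectedKey($password);
$stored = encryptArticle("Confidential: merger draft v3", unwrapArticleKey($record, $cookie));
// A later session: the password re-derives the same cookie value.
echo decryptArticle($stored, unwrapArticleKey($record, loginUserKey($password, $record))), "\n";

// A database-level reader holds only $record and $stored; without the cookie
// (or the password) the wrapped key does not open:
try {
    unwrapArticleKey($record, sodium_bin2base64(random_bytes(32), SODIUM_BASE64_VARIANT_ORIGINAL));
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";   // wrong user-key or tampered key record
}
```

Because the user-key sits in a cookie, that cookie needs the Secure and HttpOnly flags and a scope limited to the wiki; anyone who obtains it has the same access as the logged-in editor. Losing both the password and the cookie leaves the wrapped key unopenable, which is the unrecoverable situation the page warns about.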
Besides the symmetric encryption used for personal use, PageEncryption allows you to encrypt any article in the Encrypted: namespace with the public key of a user registered on the wiki, in order to grant access to them on an individual basis. For this to work, the recipient must be added to the group "pageencryption-recipient" and they have to create their key pair when entering the wiki.
PageEncryption also allows you to set disposable access codes/URLs to provide external visitors with a secret code or URL through which to access confidential articles. The secret code and URL can be used only once and, again, they are not stored on the server. You can use them to grant a single access to the recipient of sensitive data, ensuring that nobody else will get access to it: of course, in this case it is the editor's responsibility to provide the secret key or URL only through trusted channels. (A future version of the extension will include an interface to enter the access code separately from the URL, so that the URL and the code can be sent to the recipient through separate channels.)
Also note that all encrypted versions of an article/page are relative to a given revision: external users (or registered users with a public key) will be able to access only the specific revision encrypted at a given time, so, as one might expect, the method doesn't grant access to future revisions of the same article/page.
Encrypt/decrypt articles
In order to encrypt articles, either for personal use or to securely share them with specific recipients, just create an article in the Encrypted: namespace as you would do with standard wiki articles. After setting the keys through the popup (it shows up automatically when needed), the article content will be encrypted/decrypted transparently as long as you are the editor.
The lock icon on the right informs that the article is encrypted.
The history can also be accessed seamlessly.
On the other side, this is how the article appears when accessed by unauthorized users (including wiki administrators/sysops).
Note that if you forget the PageEncryption password, or the protected key on the server is lost, your articles cannot be recovered.
Special page Manage access
If you want to grant other users on the same wiki, or external users, access to an encrypted article, this can be done through the special page "Manage access", reachable either from the actions menu or from the list of special pages.
Access can be granted in the following ways:
1) by creating an arbitrary number of disposable codes/URLs by which to grant external visitors one-time access to the article, also setting an expiration date for the access code/secret URL
2) by adding registered users to the "pageencryption-recipient" group (or assigning them the "pageencryption-can-handle-encryption" right) and encrypting the article revision with their public key (once they have entered the wiki after being added to the group)
Once the code/secret URL is generated, you can provide it to your recipient through a secure channel (for instance an encrypted chat message, SMS, or secure email message), and the extension will record the access time and other access-related information, if enabled.
By contrast, if you have granted access to the article using an asymmetric key (only for registered users who have created their keys), you can send them the URL of the article and they will be able to access it in a transparent way after signing in to the wiki and entering their PageEncryption password.
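Both access paths of the Manage access page, and the per-revision behaviour described in "How it works", as an added example written for this page (it is not the extension's code; the in-memory $db array, the KDF contexts and every function name are this example's own assumptions about how such a store could be laid out): a revision is sealed to a registered recipient's public key, while a disposable code yields both a one-way lookup token and a wrapping key, so the stored row alone cannot be read and the row is deleted on first use. It requires PHP 7.2+ with the Sodium extension.

```php
<?php
// Added example for this page, not the PageEncryption extension's own code.
// $db is a constructed stand-in for the database; names are assumptions.
declare(strict_types=1);

$db = ['recipients' => [], 'shares' => [], 'codes' => []];

// --- Path 2 of the list above: registered recipient with a key pair ----------
// The recipient creates a key pair on entering the wiki; only the public key
// stays server-side (the secret half belongs in the recipient's password-
// protected key store, not shown here).
function registerRecipient(array &$db, string $user): string
{
    $kp = sodium_crypto_box_keypair();
    $db['recipients'][$user] = sodium_crypto_box_publickey($kp);
    return $kp;   // handed back to the recipient only
}

/** Seal one specific revision to one recipient; later revisions are not covered. */
function shareRevisionWithUser(array &$db, int $revId, string $wikitext, string $user): void
{
    $pk = $db['recipients'][$user] ?? null;
    if ($pk === null) {
        throw new RuntimeException("$user has not created a PageEncryption key pair yet");
    }
    $db['shares'][] = ['rev_id' => $revId, 'user' => $user,
                       'ciphertext' => sodium_crypto_box_seal($wikitext, $pk)];
}

function readSharedRevision(array $db, int $revId, string $user, string $keypair): string
{
    foreach ($db['shares'] as $s) {
        if ($s['rev_id'] === $revId && $s['user'] === $user) {
            $plain = sodium_crypto_box_seal_open($s['ciphertext'], $keypair);
            if ($plain === false) {
                throw new RuntimeException('not decryptable with this key pair');
            }
            return $plain;
        }
    }
    throw new RuntimeException("revision $revId was not shared with $user");
}

// --- Path 1 of the list above: disposable access code / secret URL ------------
// The code is 32 random bytes handed to the visitor inside the URL. The server
// keeps only a one-way lookup token and the revision encrypted under a second
// key derived from the code (two KDF contexts, so neither reveals the other).
function createAccessCode(array &$db, int $revId, string $wikitext, int $expiresAt): string
{
    $code   = random_bytes(SODIUM_CRYPTO_KDF_KEYBYTES);
    $lookup = sodium_crypto_kdf_derive_from_key(32, 1, 'pelookup', $code);
    $wrap   = sodium_crypto_kdf_derive_from_key(SODIUM_CRYPTO_SECRETBOX_KEYBYTES, 2, 'pewrapky', $code);
    $nonce  = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $db['codes'][bin2hex($lookup)] = [
        'rev_id'     => $revId,
        'expires'    => $expiresAt,
        'nonce'      => $nonce,
        'ciphertext' => sodium_crypto_secretbox($wikitext, $nonce, $wrap),
    ];
    sodium_memzero($wrap);
    // This value is the secret part of the URL (the real query parameter name
    // is not part of this example).
    return sodium_bin2base64($code, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
}

/** Redeem a code once: look up, delete, check expiry, decrypt, log the access time. */
function redeemAccessCode(array &$db, string $urlCode, int $now): array
{
    $code   = sodium_base642bin($urlCode, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
    $lookup = bin2hex(sodium_crypto_kdf_derive_from_key(32, 1, 'pelookup', $code));
    $row    = $db['codes'][$lookup] ?? null;
    if ($row === null) {
        throw new RuntimeException('unknown or already used code');
    }
    unset($db['codes'][$lookup]);          // single use: gone before anything else happens
    if ($now > $row['expires']) {
        throw new RuntimeException('code expired');
    }
    $wrap  = sodium_crypto_kdf_derive_from_key(SODIUM_CRYPTO_SECRETBOX_KEYBYTES, 2, 'pewrapky', $code);
    $plain = sodium_crypto_secretbox_open($row['ciphertext'], $row['nonce'], $wrap);
    if ($plain === false) {
        throw new RuntimeException('stored record does not verify');
    }
    return ['rev_id' => $row['rev_id'], 'text' => $plain, 'accessed_at' => $now];
}

// --- walk-through with constructed data ---
$revision = "== Q3 figures ==\nrevenue 1.2M";                       // constructed revision 42
$aliceKeypair = registerRecipient($db, 'Alice');
shareRevisionWithUser($db, 42, $revision, 'Alice');
echo readSharedRevision($db, 42, 'Alice', $aliceKeypair), "\n";

$urlCode = createAccessCode($db, 42, $revision, time() + 86400);   // valid for one day
$first = redeemAccessCode($db, $urlCode, time());                  // works once
echo $first['text'], "\n";
try {
    redeemAccessCode($db, $urlCode, time());
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";   // unknown or already used code
}
```

The row is removed before the expiry check and the decryption, so a code that fails either step cannot be retried; with a real database the lookup and the delete should be one atomic statement, otherwise two requests arriving together could both redeem the same code.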
Rights and privileges
The extension creates the following user rights.

right | description
---|---
pageencryption-can-manage-encryption | Can manage encryption
pageencryption-can-handle-encryption | Can handle encryption
Groups

group | pageencryption-can-manage-encryption | pageencryption-can-handle-encryption
---|---|---
sysop | v | v
bureaucrat | v | v
pageencryption-admin | v | v
pageencryption-recipient | x | v
Under the hood
The extension redefines the RevisionStore and RevisionLookup services, and manipulates (i.e. encrypts/decrypts) the RevisionRecord as soon as it is retrieved from the database. Caching is disabled for the Encrypted namespace, and makeAutoSummary on Manual:Hooks/MultiContentSave is disabled as well. The extension does not manipulate EditPage through Manual:Hooks/AlternateEdit, as one might expect in similar cases, thanks to the mocked-up RevisionRecord handled at a lower level.
Known issues
- VisualEditor might not work correctly on certain installations (the author doesn't yet have enough data about that, so in case please report the issue on the Extension_talk:PageEncryption talk page).
For professional support please write to the email address posted here.
Road-map
- simple form/UI by which to enter an access code (instead of just using the secret URL)
- asymmetric encryption for registered users
- encrypt/decrypt uploaded files seamlessly