DokuWiki

It's better when it's simple

User Tools

Site Tools


plugin:crypto

crypto Plugin

Compatible with DokuWiki

2010-11-07, 2011-05-25

plugin A plugin to support symmetric cryptography using the blowfish algorithm

Last updated on
2010-05-04
Provides
Syntax, Action

This extension has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues.

Similar to dokucrypt

Tagged with decryption, encryption

The crypto plugin allows you to save encrypted Text in an wiki page. The encryption is done via AJAX on the server side using the blowfish algorithm already delivered with DokuWiki. Therefore you should use this plugin only with SSL enabled.

Download and Installation

Search and install the plugin using the Extension Manager. Refer to Plugins on how to install plugins manually.

Syntax and Usage

Comments

Just to emphasize what Martin says below, I have recently upgrade my Ubuntu server running DokuWiki from 12.04 to 13.10 and I now cannot decrypt ANY of my encrypted data!!! OMG! 8-O

We noted that the Blowfish implementation used by this Plugin is platform dependent1) and does not comply with the standard Blowfish algorithm. Transfer of the encrypted passwords may be impossible when moving a wiki to some other machine.

Martin

Good work. But does, unfortunately, not work with Release 2013-05-10a “Weatherwax”. Does anybody know how to fix this?

Martin

Nice done… but there is a security hole. You send a “secret” pass-phrase in clear text over network. It's very easy to sniff a password by capturing your POST request to a server. IMHO encryption/decryption process should be done only on the client side, otherwise “man in the middle” attack are guarantee.

AlexJ


I know this hole was a design decision. You should use this plugin only, with SSL enabled. If you need javascript encryption on the client side you should use the Dokucrypt plugin at the moment. In the future I will perhaps add an option to use client side encryption.

René


Patch file below (unified diff) that fixes special character, such as '+' (amongst many others) that get lost in the encryption.

diff -ru crypto/action.php crypto-glo/action.php
--- crypto/action.php	2010-03-06 18:43:45.000000000 +0000
+++ crypto-glo/action.php	2010-11-01 15:43:21.000000000 +0000
@@ -86,7 +86,7 @@
 	set_error_handler("crypto_error_handler");
 	$result = "";
 	try {
-		$data   = $_POST['data'];
+		$data   = urldecode($_POST['data']);
 		$secret = $_POST['secret'];
 		if (empty($secret)) {
 			print "";
@@ -97,7 +97,7 @@
 		$result = $e->getMessage();
 	}
 
-	print $result;
+	print '<decrypt>'.$result.'</decrypt>';
 	restore_error_handler();
 }
 
diff -ru crypto/js/encrypt-dialog.js crypto-glo/js/encrypt-dialog.js
--- crypto/js/encrypt-dialog.js	2010-04-30 20:35:54.000000000 +0100
+++ crypto-glo/js/encrypt-dialog.js	2010-11-01 15:48:39.000000000 +0000
@@ -95,7 +95,7 @@
 		if ($('encrypt_dialog_password1').value == $('encrypt_dialog_password2').value) {
 			dialog.sack.setVar("call",   "crypto_encrypt");
 			dialog.sack.setVar("secret", escape($('encrypt_dialog_password1').value));
-			dialog.sack.setVar("data",   escape(selection.getText()));
+			dialog.sack.setVar("data",   encodeURIComponent(selection.getText()));
 			dialog.sack.onCompletion = function() {
 				pasteText(selection, dialog.sack.response);
 				$('encrypt_dialog_close').onclick();

– Karl


Hint for best rendering

File:

lib/plugins/crypto/style.css

CSS modifications to hide encrypted text and to show decrypted text

div.dokuwiki span.encrypted {
    width: 100%;
    background-color: #F7F9FA;
    display: none;
}
div.dokuwiki span.decrypted {
    background-color: #F7F9FB;
    display: block;
}

Emanuele

plugin/crypto.txt · Last modified: 2018-05-30 21:40 by Klap-in

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki