DokuWiki

It's better when it's simple

User Tools

Site Tools


plugin:encryptedpasswords

Encrypted Passwords Plugin

Compatible with DokuWiki

  • 2020-07-29 "Hogfather" yes
  • 2018-04-22 "Greebo" unknown
  • 2017-02-19 "Frusterick Manners" unknown
  • 2016-06-26 "Elenor Of Tsort" unknown

plugin This plugin lets you store 256 bit AES encrypted passwords in your DokuWiki pages. The password can be decrypted by clicking them.

Last updated on
2022-02-08
Provides
Syntax, Action
Repository
Source

Tagged with convert, encryption, password

This plugin is useful if you want to store passwords, API Keys or other secrets directly within your page. The passwords are stored encrypted in the wiki source files, so nobody is able to find out the passwords through the file system.

The encryption uses 256 bit AES-CBC symmetric encryption with the encryption key and IV derived from the given password using PKDF2 with SHA-256 using 10000 iterations. This is not the most secure mechanism available, but was chosen for it's compatibility with OpenSSL's enc mechanism (see below). This ensures your secrets can be decrypted without having to rely on the availability of this plugin.

All encryption and decryption is handled client side using JavaScript.

This plugin was originally written by Wolfgang Reszel but has been rewritten for updated cryptography and use of modern browser APIs.

The plugin is compatible with older releases of the plugin which used a MD5 based key derision function. Old style passwords will be decrypted using MD5 but any new encryption will use the new SHA-256 PKDF2 method.

Download and Installation

Search and install the plugin using the Extension Manager. Refer to Plugins on how to install plugins manually.

Please note that the modern encryption mechanisms used within this Plugin require a modern Browser, JavaScript enabled and a wiki served via HTTPS!

Changes

Syntax and Usage

Passwords are encrypted and decrypted with a passphrase. Use the same passphrase on one page, as decryption affects all passwords on a page.

Editing

Passwords are entered in the editor using the <encrypt> syntax. A “key” toolbar button will wrap any selected text into that tag.

When you save or preview any text in the editor that contains the <encrypt> syntax you will be asked for the passphrase and your tags will be converted into encrypted <decrypt> tags.

To decrypt passwords in the editor (eg. to change them) use the “unlock” toolbar button .

Viewing

When a page contains one or more encrypted passwords, they can be decrypted clicking the lock icon behind them. Clicking the lock icon will decrypt and show all passwords in the page.

Clicking a encrypted or decrypted password will automatically copy the clear text password into your clipboard.

Configuration and Settings

The plugin can be configured with the configuration manager in the admin menu.

reload_seconds Automatically hides decrypted passwords again after the configured time in seconds.
Set 0 to disable.
(default value = 120)

OpenSSL compatibility

This plugin stores secrets the same way the openssl enc does. If for any reason in the future the decrypt should stop working (for example, JavaScript issues), you can still decrypt your secrets using openssl.

Passwords encrypted with the current version of the plugin can be decrypted like this:

$> echo 'U2FsdGVkX18jbxDF9yk0oXYw6lOgmFvGwcSznfhTZ5U=' | openssl base64 -d |openssl aes-256-cbc -d -pbkdf2
enter aes-256-cbc decryption password: test
hello world

Passwords encrypted using older versions of this plugin can be decrypted like this:

$> echo 'U2FsdGVkX1/oynrOig+RoUwMNCHvJH2bcmQeAq2xaLI=' | openssl base64 -d |openssl aes-256-cbc -d -md md5
enter aes-256-cbc decryption password: test
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
hello world
plugin/encryptedpasswords.txt · Last modified: 2022-02-28 14:21 by andi

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki