Table of Contents
Encrypted Passwords Plugin
Compatible with DokuWiki
- 2024-02-06 "Kaos" unknown
- 2023-04-04 "Jack Jackrum" unknown
- 2022-07-31 "Igor" yes
- 2020-07-29 "Hogfather" yes
This plugin lets you store 256 bit AES encrypted passwords in your DokuWiki pages. The password can be decrypted by clicking them.
This plugin is useful if you want to store passwords, API Keys or other secrets directly within your page. The passwords are stored encrypted in the wiki source files, so nobody is able to find out the passwords through the file system.
The encryption uses 256 bit AES-CBC symmetric encryption with the encryption key and IV derived from the given password using PKDF2 with SHA-256 using 10000 iterations. This is not the most secure mechanism available, but was chosen for it's compatibility with OpenSSL's enc
mechanism (see below). This ensures your secrets can be decrypted without having to rely on the availability of this plugin.
All encryption and decryption is handled client side using JavaScript.
This plugin was originally written by Wolfgang Reszel but has been rewritten for updated cryptography and use of modern browser APIs.
The plugin is compatible with older releases of the plugin which used a MD5 based key derision function. Old style passwords will be decrypted using MD5 but any new encryption will use the new SHA-256 PKDF2 method.
Download and Installation
Search and install the plugin using the Extension Manager. Refer to Plugins on how to install plugins manually.
Please note that the modern encryption mechanisms used within this Plugin require a modern Browser, JavaScript enabled and a wiki served via HTTPS!
Changes
- Version upped (2023-12-20 23:50)
- minor cleanup (2023-12-20 15:12)
- log clipboard error to console (2023-12-20 15:02)
- Version upped (2023-12-13 23:50)
- Merge pull request #16 from schplurtz/French (2023-12-13 13:56)
Syntax and Usage
Passwords are encrypted and decrypted with a passphrase. Use the same passphrase on one page, as decryption affects all passwords on a page.
Editing
Passwords are entered in the editor using the <encrypt>
syntax. A “key” toolbar button will wrap any selected text into that tag.
When you save or preview any text in the editor that contains the <encrypt>
syntax you will be asked for the passphrase and your tags will be converted into encrypted <decrypt>
tags.
To decrypt passwords in the editor (eg. to change them) use the “unlock” toolbar button .
Viewing
When a page contains one or more encrypted passwords, they can be decrypted clicking the lock icon behind them. Clicking the lock icon will decrypt and show all passwords in the page.
Clicking a encrypted or decrypted password will automatically copy the clear text password into your clipboard.
Configuration and Settings
The plugin can be configured with the configuration manager in the admin menu.
reload_seconds | Automatically hides decrypted passwords again after the configured time in seconds. Set 0 to disable. (default value = 120) |
---|
OpenSSL compatibility
This plugin stores secrets the same way the openssl enc
does. If for any reason in the future the decrypt should stop working (for example, JavaScript issues), you can still decrypt your secrets using openssl.
Passwords encrypted with the current version of the plugin can be decrypted like this:
$> echo 'U2FsdGVkX18jbxDF9yk0oXYw6lOgmFvGwcSznfhTZ5U=' | openssl base64 -d |openssl aes-256-cbc -d -pbkdf2 enter aes-256-cbc decryption password: test hello world
Passwords encrypted using older versions of this plugin can be decrypted like this:
$> echo 'U2FsdGVkX1/oynrOig+RoUwMNCHvJH2bcmQeAq2xaLI=' | openssl base64 -d |openssl aes-256-cbc -d -md md5 enter aes-256-cbc decryption password: test *** WARNING : deprecated key derivation used. Using -iter or -pbkdf2 would be better. hello world
Known Issues
- Conflicts with Dokucrypt2 plugin (both plugins attempt to parse the <encrypt></encrypt> tag). — Fumigator2 2024-03-12 02:45