Differences

This shows you the differences between two versions of the page.

--- plugin:encryptedpasswords [2018-04-27 11:42] – dead email asheenlevrai
+++ plugin:encryptedpasswords [2024-04-16 11:57] (current) – andi
@@ Line 2: / Line 2: @@
 ---- plugin ----
-description: This plugin let you store 256 bit AES encrypted passwords in your DokuWiki pages. The password can be decrypted by clicking them.
+description: This plugin lets you store 256 bit AES encrypted passwords in your DokuWiki pages. The password can be decrypted by clicking them.
-author     : Wolfgang Reszel
+author     : Andreas Gohr
-email      : reszel@werbeagentur-willers.de
+email      : dokuwiki@cosmocode.de
 type       : syntax, action
-lastupdate : 2016-06-13
+lastupdate : 2023-12-20
-compatible : "Frusterick Manners","Elenor Of Tsort",binky, "Ponder Stibbons", Hrun, 2015-08-10 "Detritus"
+compatible : Hogfather, Igor
 depends    :
-conflicts  :
+conflicts  : dokucrypt
 similar    :
 tags       : convert, encryption, password
-downloadurl: https://github.com/ssahara/dw-plugin-encryptedpasswords/archive/master.zip
+downloadurl: https://github.com/cosmocode/dokuwiki-plugin-encryptedpasswords/archive/master.zip
-bugtracker : https://github.com/ssahara/dw-plugin-encryptedpasswords/issues
+bugtracker : https://github.com/cosmocode/dokuwiki-plugin-encryptedpasswords/issues
-sourcerepo : https://github.com/ssahara/dw-plugin-encryptedpasswords
+sourcerepo : https://github.com/cosmocode/dokuwiki-plugin-encryptedpasswords
 ----
-NOTE: It seems like the email of the author (WR) is not responding anymore as of 20180427
+This plugin is useful if you want to store passwords, API Keys or other secrets directly within your page. The passwords are stored encrypted in the wiki source files, so nobody is able to find out the passwords through the file system.
-Javascript must be enabled.
+The encryption uses 256 bit AES-CBC symmetric encryption with the encryption key and IV derived from the given password using PKDF2 with SHA-256 using 10000 iterations. This is not the most secure mechanism available, but was chosen for it's compatibility with OpenSSL's ''enc'' mechanism (see below). This ensures your secrets can be decrypted without having to rely on the availability of this plugin.
-Based on the [[http://www.vincentcheung.ca/jsencryption|encryption library by Vincent Cheung]] which incorporates the [[https://github.com/mdp/gibberish-aes|Gibberish AES library by Mark Percival]]
+All encryption and decryption is handled client side using JavaScript.
-===== Download and Installation =====
+This plugin was originally written by [[reszel@werbeagentur-willers.de|Wolfgang Reszel]] but has been rewritten for updated cryptography and use of modern browser APIs.
-Download and install the plugin using the [[plugin:plugin|Plugin Manager]] using the URL given above. Refer to [[:Plugins]] on how to install plugins manually.
+The plugin is compatible with older releases of the plugin which used a MD5 based key derision function. Old style passwords will be decrypted using MD5 but any new encryption will use the new SHA-256 PKDF2 method.
-===== Syntax and Usage =====
-This plugin is useful if you want to store passwords directly within your page. The passwords are stored encrypted in the wiki source files, so nobody is able to find out the passwords through the file system.
+===== Download and Installation =====
-To encrypt text, just select your text and click the toolbar button with the grey key: ''{{https://raw.githubusercontent.com/ssahara/dw-plugin-encryptedpasswords/master/encrypt.png|button icon}}''. Use the same encryption key on one page, as decrypting affects all passwords on a page.
+Search and install the plugin using the [[plugin:extension|Extension Manager]]. Refer to [[:Plugins]] on how to install plugins manually.
-==== Example ====
+Please note that the modern encryption mechanisms used within this Plugin require a modern Browser, JavaScript enabled and a wiki served via HTTPS!
-If you select "''foo ... 58979''" of the following text:
-  foo       password
-  π         3.14159265358979  <- enter the key "pass"
-the text will be converted in the editor after encryption:
+==== Changes ====
-  <decrypt>U2FsdGVkX1+ywWIRvsyuIS0u0rFLhNk5d2rudYrUayapebwKo7AdT/xgqilvb/Zu
+{{rss>https://github.com/cosmocode/dokuwiki-plugin-encryptedpasswords/commits/master.atom date 5}}
-FdZupHudezVSbKhlF2tmg==</decrypt>  <- enter the key "pass"
-With version 2011-01-21 you can decrypt the text inside the editor by selecting a ''<decrypt>...</decrypt>'' block an pressing the button with the grey key.
+===== Syntax and Usage =====
-===== Configuration and Settings =====
+Passwords are encrypted and decrypted with a passphrase. Use the same passphrase on one page, as decryption affects all passwords on a page.
-The plugin can be configured with the configuration manager in the admin menu.
+==== Editing ====
-^''reload_seconds''  | Automatic page reload timeout (in seconds) after decryption to get back encrypted again.\\ Set 0 to disable auto-reload.\\  (default value = 120)  |
+Passwords are entered in the editor using the ''<encrypt>'' syntax. A "key" toolbar button {{https://github.com/cosmocode/dokuwiki-plugin-encryptedpasswords/raw/master/encrypt.png}} will wrap any selected text into that tag.
-===== Decryption outside of this plugin =====
+When you save or preview any text in the editor that contains the ''<encrypt>'' syntax you will be asked for the passphrase and your tags will be converted into encrypted ''<decrypt>'' tags.
-If for any reason in the future the decrypt should stop working (for example, javascript issues), you can still decrypt the encrypted test in this way (Linux syntax, but I think you can do it in Windows as well):
+To decrypt passwords in the editor (eg. to change them) use the "unlock" toolbar button {{https://github.com/cosmocode/dokuwiki-plugin-encryptedpasswords/raw/master/password.png}}.
-<code>echo  'U2FsdGVkX1/oynrOig+RoUwMNCHvJH2bcmQeAq2xaLI=' | openssl base64 -d |openssl aes-256-cbc -d</code>
+==== Viewing ====
-You can test it with password "test" (without quotes) and you should get <code>hello world</code>
+When a page contains one or more encrypted passwords, they can be decrypted clicking the lock icon behind them. Clicking the lock icon will decrypt and show all passwords in the page.
-===== Development =====
-The plugin was first developed by Wolfgang Reszel, and had been available from:\\ [[http://www.werbeagentur-willers.de/download/dokuwiki-plugins/encryptedpasswords.zip|www.werbeagentur-willers.de]] -- :!://Dead link to the zip file of version 2013-03-13//
+Clicking a encrypted or decrypted password will automatically copy the clear text password into your clipboard.
-It found that the original download link and email contact are NOT reachable.
-For the moment, the plugin which is compatible with the DW "Ponder Stibbons" is available from:\\
-https://github.com/ssahara/dw-plugin-encryptedpasswords/archive/master.zip \\
- --- [[user>s.sahara|s.sahara]] //2014-07-07 09:07//
-=== Change Log from github repository ===
+===== Configuration and Settings =====
-{{rss>https://github.com/ssahara/dw-plugin-encryptedpasswords/commits/master.atom date 5}}
-=== ToDo/Wish List ===
+The plugin can be configured with the configuration manager in the admin menu.
-  * no immediate plan
-===== Known Bugs and Issues =====
+^''reload_seconds''  | Automatically hides decrypted passwords again after the configured time in seconds.\\ Set 0 to disable.\\  (default value = 120)  |
+===== OpenSSL compatibility =====
-==== Does not work in Hrun ====
+This plugin stores secrets the same way the ''openssl enc'' does.  If for any reason in the future the decrypt should stop working (for example, JavaScript issues), you can still decrypt your secrets using openssl.
-In version Hrun, it says I can enter the password twice to confirm, but after I click OK, it fails to let me enter the password again and nothing happens. Also the icon is blank and has no key image on it.
-  * Hello, i could solved this problem with reinstalling this plugin. Maybe that solves your problem too?
+Passwords encrypted with the current version of the plugin can be decrypted like this:
+<code>
+$> echo 'U2FsdGVkX18jbxDF9yk0oXYw6lOgmFvGwcSznfhTZ5U=' | openssl base64 -d |openssl aes-256-cbc -d -pbkdf2
+enter aes-256-cbc decryption password: test
-===== Known Bugs and Issues until 2013-03-13 release =====
+hello world
-https://github.com/ssahara/dw-plugin-encryptedpasswords/tree/2013-03-13
-==== Does not escape HTML characters ====
-Using jQuery's.html() will attempt to render unencrypted strings. The fix is simple, in jsencryption.js on line 46, change it to:
-<code javascript>
-jQuery(c).text(e).after('<span class="recrypt"><a href="." onclick="location.reload(); return false;">['+enc_recrypt+']</a></span>');
 </code>
-==== Broken by Ponder Stibbons release ====
-First off, it appears the author's email is no longer valid. Next, the Ponder Stibbons release broke the plugin and you can't encrypt anymore. the fix is simple, in jsencryption.js on line 29, change it to:
-<code javascript>
-var selection = DWgetSelection(document.getElementById('wiki__text'));
-</code>
-==== Conflict with issuetracker ====
+Passwords encrypted using older versions of this plugin can be decrypted like this:
-The 2011-01-21 version of encryptedpasswords conflicts with [[doku>plugin:issuetracker]] 2011-12-13.  With both plugins installed some browsers (eg. IE 8, Chrome 15) won't allow inline editing in issuetracker's tables.((See [[http://www.fristercons.de/fcon/doku.php?id=issuetracker:issuelist&do=showcaselink&showid=33&project=fcon_project|issue 33]] for more information.))  The conflict appears to be resolved by replacing the last few lines((Starting near line 961.)) of ''encryptedpasswords/jsencryption.js'' with
+<code>
-<code javascript>
+$> echo 'U2FsdGVkX1/oynrOig+RoUwMNCHvJH2bcmQeAq2xaLI=' | openssl base64 -d |openssl aes-256-cbc -d -md md5
-if (!Array.indexOf) {
+enter aes-256-cbc decryption password: test
-	Array.prototype.indexOf = function(a, b) {
+*** WARNING : deprecated key derivation used.
-		for (var i = (b || 0); i < this.length; i++) {
+Using -iter or -pbkdf2 would be better.
-			if (this[i] == a) {
+hello world
-				return i
-			}
-		}
-		return -1;		// needed for compatibility with issuetracker plugin [Rik, 2011-12-15]
-	}
-}
 </code>
-> Thanks for the report. I updated the plugin for Dokuwiki Angua and also replaced the old Gibberish AES with the latest Version which has not that conflicting code. I hope this will fix this issue too. -- Wolfgang
-==== JS compression is breaking code ====
-> Hi, it seems that the JAVASCRIPT compression is breaking your code. At least I get an error in file ''jsencryption.js'' in line 95. Can you have a look into it. Thanks
-==== Not compatible with Ponder Stibbons (?) ====
-After dokuwiki update for Ponder Stibbons, I had problems when editing or creating encrypted content. I have not done an isolated test yet (new installation with this plugin only). As soon as I test it, I'll post the results. Thanks.
-==== Fix for Ponder Stibbons release ====
-Hi everyone, We only need to change a line in //lib/plugins/encryptedpasswords/jsencryption.js// file, line 29, I think in this new version, **getSelection** method is deprecated and now We have to use **DWgetSelection**, After you modify your file, the plugin works like a charm.
-//Before://
-<code javascript>
-var selection = getSelection(document.getElementById('wiki__text'));
-</code>
-//After//
-<code javascript>
-var selection = DWgetSelection(document.getElementById('wiki__text'));
-</code>
-> See above [[#Broken by Ponder Stibbons release]]
-===== Feature Requests =====
-Thank you very much for this plugin, it is really a pleasure to use it. But after using it for a while i have two feature-requests, which would be nice to have. Maybe someone can implement them ;-).
-. If you decrypt something, the page hops to the top. This is anoying especially for long pages, would be nice if the page stays where it was.
-. If you decrypt something, everything with the same key will be decrypted too. Would be nice to set an option to choose if all are encrypted at once. I solved this temporary by adding an random generated number to the link, but thats not really well solved. Thank you very much.
-. I use a modified DW template with a black background (text color is white). Now, whenever I encode some password using this plugin, the little dots replacing the password are blue (as a link) and they are located inside a white rectangle (I guess this one is not visible on a white background). Upon decryption of the encoded password, the text is displayed in **white** inside the white rectangle and is thus unreadable (I can "ctrl+a" the page in order to read it but that's a little inconvenient)... Would there be a way for me to change that white rectangle into a black rectangle by modifying some preference value in some configuration file? If not, would there be a way for me to modify the color of the decrypted text from white to black inside this white rectangle, again by modifying some preference value in some configuration file? Thanks a lot, -a-
- --- [[user>jin|jin]] //2015-08-18 15:09//
-Great great plugin! thanks a lot! I've only a request to make that plugin perfect: When I decrypt the page if I export to PDF I export the encrypted password only, would be great to export to pdf the clear text passwords if they are decrpyted before. Thankyou very much!
-. Hi it is possible to make this plugin compatible with the plugin edtitable? https://www.dokuwiki.org/plugin:edittable The plugin edittable provide a nicer interface for editing table but the button encrypt doesn't respond in combination with edittable und encryptedpasswords
-. A global encryption key would be great rather than setting it for each password.
->  --- [[user>Digitalin|Digitalin]] //2016-06-24 21:28// - from my experience, if you use the same password in a page for many different encrypted strings, it works. I mean, using the same password, all the encrypted strings with a unique password are displaying. This is in the case you don't want encrypt all the page because you want to organize a page with titles, infos and so on. Great plugin !