Encrypt Plugin (WORK IN PROGRESS)

Introduction

This plugin can be used to securely hide some text in a TWiki topic, such as passwords that should be accessible by an individual or a small group only. Currently Crypt::Blowfish Blowfish is used to encrypt text.

This will be expanded to include RSA RC4 is used to encrypt text, which is the same technology used in Secure Sockets Layer (SSL) to protect Internet traffic and WEP to secure wireless networks.

Syntax Rules

Add %ENCRYPT{"any text"}% anywhere in a TWiki page.

Supported parameters:

• "any text": Text to encrypt
• allow="...": A list of TWiki groups and/or users who are allowed to view/edit encrypted text (comma space delimited list of WikiWords)
• display="...": The string to display when the viewer/editor is not allowed (Default is: ******)
• _dont_change="...": Identifier, added automatically after saving the page for the first time. Do not change.

Users who are allowed to view the encrypted text see:

• the plain text in view mode
• the plain text inside the %ENCRYPT{...}% variable when in edit mode

Users who are not allowed to view the encrypted text see:

• ***** asterisks in view mode
• a hash string inside the %ENCRYPT{...}% variable when in edit mode

Note that search cannot find encrypted text. This can be an advantage or a disadvantage depending how you look at it.

Examples

1. Encrypt text for my own use only

%ENCRYPT{"Jimmy Neutron"}% encrypts text "Jimmy Neutron" to be viewable/editable only by the user who added the ENCRYPT variable.

• %ENCRYPT{" Jimmy Neutron " allow="CraigMeyer" display="You can't see this! "}%
• This is what is coded: %ENCRYPT{" Jimmy Neutron " allow="CraigMeyer" display="You can't see this! "}%
• Second copy for testing %ENCRYPT{" Jimmy Neutron " allow="CraigMeyer" display="You can't see this! "}%

2. Encrypt text for my group

%ENCRYPT{"Helpdesk password: h3lp-Cu$t" allow="SupportGroup"}% encrypts text to be viewable/editable by SupportGroup members only.

After saving, the ENCRYPT variable is changed to %ENCRYPT{_dont_change="PPq2ez7j"}%. A member of the group sees Helpdesk password: h3lp-Cu$t when looking at the topic, and %ENCRYPT{"Helpdesk password: h3lp-Cu$t" allow="SupportGroup" _dont_change="PPq2ez7j"}% when editing the topic. That is, members can change the encrypted text and the access restriction.

Other people see ***** when looking at the page, and %ENCRYPT{_dont_change="PPq2ez7j"}% when editing the page. A non-member could change the ENCRYPT parameter the wiki way, which would invalidate the encrypted text. If this happens, anyone can view and restore the original text from a previous topic version, thus it is possible restore the encrypted text.

Plugin Info

Plugin Author:	TWiki:Main.PeterThoeny, Twiki, Inc., TWiki:Main.CraigMeyer
Copyright:	© 2010 TWiki:Main.CraigMeyer, © 2010, TWiki:Main.PeterThoeny © 2010, TWiki:TWiki.TWikiContributor
License:	GPL (GNU General Public License)
Plugin Version:	%$VERSION%
Change History:
2010-12-5:	First working version - still some loose ends
2010-11-15:	Initial version
TWiki Dependency:	$TWiki::Plugins::VERSION 1.1
CPAN Dependencies:	CPAN:Mime::Base64, CPAN:Crypt::CBC, CPAN:Crypt::Rijndael_PP, CPAN:Crypt::RC4, CPAN:Crypt::OpenSSL::RSA
Other Dependencies:	openssl to generate the asymetric key
Perl Version:	5.008
Benchmarks:	GoodStyle nn%, FormattedSearch nn%, EncryptPlugin nn%
Plugin Home:	http://TWiki.org/cgi-bin/view/Plugins/EncryptPlugin
Feedback:	http://TWiki.org/cgi-bin/view/Plugins/EncryptPluginDev
Appraisal:	http://TWiki.org/cgi-bin/view/Plugins/EncryptPluginAppraisal

Related Topics: VarENCRYPT, TWikiPlugins, DeveloperDocumentationCategory, AdminDocumentationCategory, TWikiPreferences

-- PeterThoeny - 2010-11-15