TopicCryptPlugin

Page contents

Introduction
Syntax Rules
Examples
TopicCryptPlugin Settings
Plugin Installation Instructions
Plugin Info

Encrypt parts of a topic for privacy and add digital signatures to topics

Introduction

TWiki has no efficient way to restrict topic viewing from a list of users or a list of groups. Moreover one may want to forbid only parts of a topic to some users and not the whole page (e.g. hide some columns of a table). The goal of this plugin is to allow to crypt some parts of a topic when storing it into the file system of the hosting machine and offers the possibility to attach a digital signature for the topic content. The encrypted parts are automatically decrypted before viewing or editing the topic. The advantage of this method is to defeat the use of some directives such as SEARCH for accessing to hidden (encrypted) parts. Its direct drawback is that the hidden (encrypted) parts cannot be taken into account by directives such as SEARCH which use direct access to the topic and then will find the encrypted version of texts even when running for authorized users.

Syntax Rules

There are 3 main directives for handling topic encrypting. A directive to set general encrypting options, a directive to set table encrypting options and a directive to encrypt a text. There are also 3 directives used for the digital signature.

`%CRYPT_OPTIONS{...}%`

The directive for options is %CRYPT_OPTIONS{...}% and can occur in the beginning of the topic to have effect on all crypting directives. This header directive can be overrided by another %CRYPT_OPTIONS{...}% placed at the beginning of a line, this directive apply to all encrypting directives in the same line. The list of settings controlled by a %CRYPT_OPTIONS{...}% is given in the following table:

Setting	Description	Default
method	method to use to encrypt the text	`base64`
aclmode	precise the behavior of ACL options	`append`
allowtextread	users and groups allowed to view encrypted text (or `*` as a wildcard for everybody)	initial user who typed the text to be encrypted
allowtextchange	users and groups allowed to modify encrypted text (or `*` as a wildcard for everybody)	initial user who typed the text to be encrypted
denytextread	users and groups that cannot view encrypted text	void
denytextchange	users and groups that cannot modify encrypted text	void
begin	shortcut delimiter for encrypted text beginning	`{{`
end	shortcut delimiter for encrypted text ending	`}}`
alt	an alternative string to be displayed when user is not allowed to decrypt text	void string

You can only specify base64 or rsa_xxx as crypting methods (where "xxx" stands for the name of a symmetric key encryption algorithm; you ca choose between "rc4" or "rijndael"). The base64 method is totally insecure (a mere base64 encoding) and is used only for demonstration and trial purposes. For production you must use the rsa_xxx method (for each text to be encrypted, a key is generated and used to crypt the text, both this encrypted text and the symmetric key ciphered using the global RSA key - see below in Settings section - are saved into the topic).

The lists of users and groups are comma separated lists. The list is appended to lists defined by previous setting directives unless the aclmode is set to override.

`%CRYPT_TABLE_OPTIONS{...}%`

This directive is used for setting encrypting options for a table. It should appear in a line previous to the table itself.This feature allows a user to specify a special column in a table by inserting the following HTML comment in the column name . Each field of this column will contain a list of twiki ids. The encrypted directives found on the rows of the table will be encrypted with view permission only for the users specified in this column. The edit permissions of the the encrypted texts from the table will be those set in the %CRYPT_TABLE_OPTIONS{...}% or the global ones.

The %CRYPT_TABLE_OPTIONS{...}% directive is intended so that a user can specify who is allowed to edit the encrypted texts from the table or the alt option (an alternative string to be displayed when user is not allowed to decrypt text).

`%CRYPT_BEGIN{...}%` and `%CRYPT_END%`

A text to be encrypted must be enclosed between the directives %CRYPT_BEGIN{...}% and %CRYPT_END%. The %CRYPT_BEGIN{...}% directive can take the same options as directive %CRYPT_SETTINGS{...}%. Another way to specify a text to be encrypted is to use the shortcuts which default to {{ and }} but it is not possible with this method to alter the encrypting settings.

When one is allowed to edit a topic (by standard TWiki access control methods) and not allowed to edit some encrypted texts, these texts appear in encrypted form into a <verbatim>...</verbatim> directive. If the user delete or change the textual order of one of these directives it will not be allowed to save its changes.

When viewing a topic, the encrypted texts a user is not allowed to see are replaced by an alternative text which default to a void string.

`%SIGNPAGE%`

When inserted in the edit box this directive generates a "Sign" button. When pressed, a hash of the topic text is added in the page meta data.

`%VALID_SIGNATURES%` and `%OUTDATED_SIGNATURES%`

This directives are expanded into: "Valid Signatures: signature(date time),..." and "Outdated Signatures: signature(date time),...". This directives are intended to be used in the skin templates (for example view.pattern.tmpl) by the admin of TWiki site, so the signatures can't be modified by users.

Examples

The text below is encrypted. You should see it only if you are authorized to decrypt it:

{{crypted text}}
%CRYPT_OPTIONS{allowtextread="toto"}%
{{other crypted text}}
%CRYPT_OPTIONS{allowtextread="titi"}%{{another other crypted text}}

%CRYPT_TABLE_OPTIONS{allowtextchange="TestUser1,TestUser2"}%
|*Col0*|*TWikiID*|*Col2*|
|{{line1,col0,(view 1,2)}}|TestUser2, TestUser1|{{line1,col2,(view 1,2)}}|
|{{line2,col0,(view 1,3)}}|TestUser3, TestUser1|{{line2,col2,(view 1,3)}}|