Jump to content

Extension:PageEncryption

From mediawiki.org
MediaWiki extensions manual
PageEncryption
Release status: stable
Implementation Hook , Special page
Description Page-level symmetric and asymmetric encryption in a dedicated namespace, completed with disposable access codes and access management
Author(s) thomas-topway-it (thomas-topway-ittalk)
Latest version 1.2 (2024-08-19)
Compatibility policy Master maintains backward compatibility.
MediaWiki 1.35+
License GNU General Public License 2.0 or later
Download
  • pageencryption-can-manage-encryption
  • pageencryption-can-handle-encryption
Quarterly downloads 3 (Ranked 130th)
Translate the PageEncryption extension if it is available at translatewiki.net

PageEncryption implements page-level symmetric and asymmetric encryption based on Sodium and Defuse php-encryption library. It includes a special page by which to manage asymmetric keys or disposable access keys to grant registered or external users access to encrypted articles, and it works with WikiEditor in a transparent way (with VisualEditor is not yet guaranteed to work, see #Known issues section) within the Encrypted: namespace.


Key-features

[edit]
  • encrypts/decrypts articles transparently (in the dedicated namespace)
  • supports both symmetric and asymmetric encryption
  • provides disposable access url to let external users access once encrypted articles
  • user-friendly interface


Installation

[edit]
  • Download and place the file(s) in a directory called PageEncryption in your extensions/ folder.
  • Add the following code at the bottom of your LocalSettings.php
<!-- place after the registration of other extensions!! -->
wfLoadExtension( 'PageEncryption' );
  • Run php maintenance/update.php (this will create the necessary database tables that this extension needs)
  • Run composer update --no-dev in the extension's folder, to install the required PHP libraries
  • Yes Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.


Warning Warning: PageEncryption does not perform client-side E2E encryption and therefore assumes that you trust the system administrator or the wiki is self hosted. Don't use this extension if you cannot check the integrity of the extension server-side, or the system administrator isn't legally bound not to tamper with it!


How it works

[edit]
dialog to create password protected keys

PageEncryption provides an encrypted namespace (Encrypted:) where authorized users (users with right pageencryption-can-manage-encryption) can create/edit protected articles.

The extension works in a transparent way, first requiring to set a global password to create the necessary keys stored on the server, and then setting a cookie with the user-key by which to encrypt/decrypt the articles in the relevant namespace.

The password and the user-key are never stored on the server and the symmetric and asymmetric keys can only be used in conjunction with the user-key, so there is no way for system administrators (unless the extension itself has not been hacked before you set the key) to access your confidential articles/data. To learn more how it works take a look to the following: Encrypting account data with the user's login password, and the following: Modern PHP data Encryption/Decryption with Sodium extension.

PageEncryption is therefore an optimal solution when you agree with systems administrators (or the wiki is self-hosted) to take all the possible measures to protect your data, and you want to safeguard them from possible attackers.

Besides the symmetric encryption used for personal use, PageEncryption allows to encrypt any article in the Encrypted: namespace with the public key of an user registered on the wiki (provided that they have been added to the group "pageencryption-recipient" and they have created a key-pair) in order to grant access to them on an individual basis. For this to work, the recipient must be added to the group "pageencryption-recipient" and they have to create their keys when entering the wiki.

PageEncryption also allows to set disposable access-codes/urls to provide external visitors with a secret code or url through which to access confidential articles. The secret code and url can be used only once and again they are not stored on the server. You can use them to grant a single access to the recipient of sensitive data ensuring that nobody else will get access to them: of course in this case it is the editor responsibility to provide the secret key or url only through trusted channels. (a future version of the extension will include an interface to enter the access code separately from the url, this way the url and the code can be sent to the recipient using separate channels)

Also note that all encrypted versions of an article/page are relative to a given revision, therefore external users (or registered users with public key) will be able to access only the specific revision encrypted at a given time, therefore as one might expect the method doesn't grant access to future revisions of the same article/page.


Encrypt/decrypt articles

[edit]

In order to encrypt articles either for personal use, or to securely share them with specific recipients, just create an article in the Encrypted: namespace as you would do with standard wiki articles. After setting the keys through the popup (it shows up automatically when needed), the article content will be encrypted/decrypted transparently as long as you are the editor.

The lock icon on the right informs that the article is encrypted.



The history can also be accessed seamlessly:



On the other side, this is how the article appears when accessed from unauthorized users (including wiki administrators/sysops)




Special page Manage access

[edit]

If you want to grant to other users on the same wiki or to external users, access to an encrypted article, this can be done by the special page "Manage access" reachable either from the actions menu and the list of special pages.


Access can be granted in the following ways:

1) by creating an arbitrary number of disposable codes/url by which to grant to external visitors one-time access to them, also setting an expiration date for the access code/secret url

2) adding registered users to the "pageencryption-recipient" group (or assigning the "pageencryption-can-handle-encryption" right) and encrypting the article revision with their public key (once that they have entered the wiki after being added to the group)



Once the code/secret url is generated, you can provide it to your recipient through a secure channel (for instance by an encrypted chat message, sms, or secure email message) and the extension will record access time and other access-related information, if enabled.

By contrast, if you have granted access to the article using an asymmetric key (only for registered users who have created their keys) you can send them the url of the article and they will be able to access it in a transparent way after signing in to the wiki and by entering their PageEncryption password.


Rights and privileges

[edit]

The extension creates the following user rights.

right description
pageencryption-can-manage-encryption Can manage encryption
pageencryption-can-handle-encryption Can handle encryption


Groups

[edit]
group pageencryption-can-manage-encryption pageencryption-can-handle-encryption
sysop v v
bureaucrat v v
pageencryption-admin v v
pageencryption-recipient x v


Under the hood

[edit]

The extension redefines the RevisionStore and RevisionLookup services, and manipulates (i.e. encrypts/decrypts) the RevisionRecord as soon as it is retrieved from the database. Cache is disabled for the Encrypted namespace, and makeAutoSummary on Manual:Hooks/MultiContentSave is disabled as well. The extension does not manipulate EditPage through Manual:Hooks/AlternateEdit as one might expect in similar cases. (thanks to the mocked-up RevisionRecord handled at a lower level).


Known issues

[edit]


For professional support please write at the email address posted here


Road-map

[edit]
  • simple form/UI by which to enter an access code (instead than just using the secret url)
  • asymmetric encryption for registered users
  • encrypt/decrypt uploaded files seamlessly


See also

[edit]