key_per_user
This EXPERIMENTAL module provides a way to use an encryption key per user.
In combination with the Field Encryption module, this enables you to encrypt each user's fields with a different key.
This is a developer-only module. You will need to write custom code for it to work.
Features
Encrypt fields with a different encryption key for each user.
Post-Installation
This module requires you to use the install config (encrypt profile `key_per_user` and key `per_user`).
If you delete this config, the module will break.
Setup
In custom code, you need to extend the UserBundle to implement `KeyPerUserInterface`.
You need to implement two methods:
* `getEncryptedPerUserBundles()`: This method returns a list of the entity types which have fields that should be encrypted per user.
* `getEncryptionKey()`: This method returns the encryption key as a string. It should be a value that the Sodium module can work with.
How do I set up the encryption key per user?
Here's one approach.
1. On the user entity, add a text field.
2. Encrypt this field with the Field Encryption module.
3. Restrict permissions so that users cannot view or edit this field.
4. In your UserBundle, add a function to set the value of the field to the per-user encryption key. For example, you can call `KeyPerUserGenerator::generateEncryptionKey()`.
5. Specify the bundles to encrypt per user in your UserBundle, as the return value of `getEncryptedPerUserBundles()`.
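The steps above put together as a bundle class, as an added example that is not code from this module. It generates the key only when the field is empty and refuses to return an empty key. Assumptions: the `Drupal\key_per_user` namespace for both types, the `my_module` module name, the `field_per_user_key` field name, the method return types, and the `['node']` return shape.

```php
<?php

namespace Drupal\my_module\Entity;

use Drupal\Core\Entity\EntityStorageInterface;
// Assumed namespace for the two key_per_user types (not stated in the README).
use Drupal\key_per_user\KeyPerUserGenerator;
use Drupal\key_per_user\KeyPerUserInterface;
use Drupal\user\Entity\User;

/**
 * User bundle class. Register it from my_module.module:
 *
 *   function my_module_entity_bundle_info_alter(array &$bundles): void {
 *     $bundles['user']['user']['class'] = \Drupal\my_module\Entity\UserBundle::class;
 *   }
 */
class UserBundle extends User implements KeyPerUserInterface {

  // Hypothetical name of the restricted, encrypted text field (steps 1-3).
  const KEY_FIELD = 'field_per_user_key';

  public function preSave(EntityStorageInterface $storage) {
    parent::preSave($storage);
    // Step 4: generate the key once. Replacing an existing key would make
    // everything already encrypted with it unreadable.
    if ($this->get(self::KEY_FIELD)->isEmpty()) {
      $this->set(self::KEY_FIELD, KeyPerUserGenerator::generateEncryptionKey());
    }
  }

  // Return types here are assumptions; match the interface's declarations.
  public function getEncryptionKey(): string {
    $key = (string) $this->get(self::KEY_FIELD)->value;
    if ($key === '') {
      // Fail closed instead of encrypting with an empty key.
      throw new \RuntimeException('No per-user key for user ' . $this->id());
    }
    return $key;
  }

  public function getEncryptedPerUserBundles(): array {
    // Step 5. Assumed return shape: a flat list of entity type IDs.
    return ['node'];
  }

}
```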
Additional Requirements
- Field Encryption module (to encrypt fields per user)
- Sodium module (the encryption method used by this module)
- Encrypt module (dependency of Field Encryption module)
- Key module (dependency of Encrypt module)