key_per_user

This EXPERIMENTAL module provides a way to use an encryption key per user.

In combination with the Field Encryption module, this enables you to encrypt each user's fields with a different key.

This is a developer-only module. You will need to write custom code for it to work.

Features

Encrypt fields with a different encryption key for each user.

Post-Installation

This module requires you to use the install config (encrypt profile `key_per_user` and key `per_user`).

If you delete this config, the module will break.

Setup

In custom code, you need to extend the UserBundle to implement `KeyPerUserInterface`.

You need to implement two methods:

* `getEncryptedPerUserBundles()` This method returns a list of the entity types which have fields that should be encrypted per user.
* `getEncryptionKey()` This method returns the encryption key as a string. It should be a value that the Sodium module can work with.

How do I set up the encryption key per user?

Here's one approach.

1. On the user entity, add a text field.
2. Encrypt this field with the Field Encrypt module.
3. Restrict permissions so that users cannot view or edit this field.
4. In your UserBundle, add a function to set the value of the field to the per-user encryption key. For example, you can call `KeyPerUserGenerator::generateEncryptionKey()`.
5. Specify the bundles to encrypt per user in your UserBundle (output of `getEncryptedPerUserBundles()`).

Additional Requirements

Field Encryption module (to encrypt fields per user)
Sodium module (the encryption method used by this module)
Encrypt module (dependency of Field Encryption module)
Key module (dependency of Encrypt module)

Features

Post-Installation

Setup

How do I set up the encryption key per user?

Additional Requirements

Activity

Releases