EncryptionBundle
EncryptionBundle is a Symfony bundle whose goal is to encrypt the contents of our entities before they are persisted.
Important! Batch decryption of all the data is not implemented. Once the bundle is enabled and the data is encrypted, there is no way to recover the unencrypted data.
There are many alternatives for storing your application's data encrypted, depending on the requirements and constraints.
You can encrypt the partition in which the data is saved using operating-system-level encryption, or you can encrypt the
data in the database using an extension of the database management system, among other options.
Before you opt for one of them, you should be sure that it is the right one for your requirements and use case.
The EncryptionBundle was originally developed for an application with a clear use case in mind. Each user of
the application could store information that refers to them and that, at least in the first stage of the application,
should not be accessed by other users of the system. The sensitive data should be stored encrypted, and only its owner
should be able to decrypt it. Another requirement for the encryption of the data was that, although initially the data was
to be encrypted and decrypted in the backend, at some point it should be easy to move the encryption and decryption
to the client (web browser or mobile app).
Prerequisites
This bundle assumes the use of FOSUserBundle 2.x to manage the users of the application, and therefore this should be configured
before enabling the EncryptionBundle. Please refer to the documentation of the bundle to install and configure it.
For the moment the only supported persistence provider is Doctrine, so you should use it to persist the entities that
should be encrypted.
For the key management and the encryption of the data this bundle uses openssl. You should install at least openssl-1.0.2k
on your server. You should also install and enable the PHP openssl extension on your server.
Please refer to the installation and configuration instructions for your platform.
Installation
Require the bundle
You can install the bundle using composer:
composer require jagilpe/encryption
or add the package to your composer.json file directly.
Enable the bundle
To enable the bundle, you just have to register the bundle in your AppKernel.php file:
// in AppKernel::registerBundles()
$bundles = array(
    // ...
    new Jagilpe\EncryptionBundle\JagilpeEncryptionBundle(),
    // ...
);
Create the master encryption key
A master key is required by the bundle to be able to recover the encryption keys of the users in the per user mode, or
to encrypt and decrypt the data in the system wide mode. To create a new master key you can use openssl:
openssl genrsa -aes256 -out master-key.pem 8192
This will create a file called master-key.pem. Copy this file anywhere you want on your server.
Edit your config.yml file and include the path to the master key file and the pass phrase you used when you created it.
# app/config.yml
jagilpe_encryption:
    master_key:
        cert_file: path_to_master_key/master-key.pem
        passphrase: key_pass_phrase
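Because encrypted data cannot be recovered if the master key or its pass phrase turns out to be unusable, it helps to verify the key file before pointing cert_file at it. The following check is an added example, not part of the bundle; the function name check_master_key and the MASTER_KEY_PASS environment variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the bundle): pre-deployment check of the master key.
# The pass phrase is read from MASTER_KEY_PASS (assumed variable name) so it
# never appears on the command line or in the process list.
# Usage: check_master_key FILE [MIN_BITS]   (MIN_BITS defaults to 8192)
check_master_key() {
    key_file=$1
    min_bits=${2:-8192}

    [ -r "$key_file" ] || { echo "cannot read $key_file" >&2; return 2; }

    # An unencrypted PEM key loads whatever pass phrase is supplied, so success
    # with a deliberately wrong one means the key is stored in the clear.
    if openssl pkey -in "$key_file" -passin pass:deliberately-wrong -noout 2>/dev/null; then
        echo "$key_file is not passphrase-protected" >&2; return 3
    fi

    # The pass phrase that will go into config.yml must actually open the key.
    if ! openssl pkey -in "$key_file" -passin env:MASTER_KEY_PASS -noout 2>/dev/null; then
        echo "pass phrase does not decrypt $key_file" >&2; return 4
    fi

    # Read the modulus size from the "Private-Key: (N bit...)" header line.
    bits=$(openssl pkey -in "$key_file" -passin env:MASTER_KEY_PASS -noout -text |
           sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    if [ -z "$bits" ] || [ "$bits" -lt "$min_bits" ]; then
        echo "key size ${bits:-unknown} is below $min_bits bits" >&2; return 5
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$key_file" | cut -c5-10)" != "------" ]; then
        echo "$key_file is accessible to group or others" >&2; return 6
    fi
    return 0
}
```

A return value of 0 means the file is an encrypted private key of at least the requested size, opens with the supplied pass phrase, and is readable only by its owner.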
Documentation
The encryption is disabled by default. For further instructions on how to enable and use the bundle you can refer to
the usage documentation here
API Reference
https://api.gilpereda.com/encryption-bundle/master/