<ac:macro ac:name="unmigrated-inline-wiki-markup"><ac:plain-text-body><![CDATA[
Zend Framework: Zend_Crypt_Xml Component Proposal
Sensitive data that PHP applications keep on the file system, such as passwords and other credentials, should never be stored in plain text. Zend_Crypt_Xml is a class that encrypts selected nodes of an XML document and decrypts them again at run time. Its typical use is encrypting the credentials in a configuration file: the plain-text passwords are then never written to the file system or committed to revision control, and exist only in memory while the application runs. This protection is only as strong as the protection of the decryption key: the private key must itself be kept out of revision control and readable only by the account the application runs as, otherwise the encryption merely obscures the credentials.
Proposed Component Name
Zend_Crypt_Xml
Developer Notes
http://framework.zend.com/wiki/display/ZFDEV/Zend_Crypt_Xml
Proposers
Steven George
Zend Liaison
TBD
Revision
1.0 - 17 July 2012: Initial Draft. (wiki revision: 2)
Table of Contents
1. Overview
2. References
3. Component Requirements, Constraints, and Acceptance Criteria
- This component will encrypt selected sections (nodes) of an XML document.
- This component will rely on other components of the Zend_Crypt package to perform the underlying encryption and decryption.
- This component will require the developer to generate a public/private key pair.
- This component will require the developer to specify an encryption method.
- We recommend building a simple web UI on top of this component to facilitate the encryption process.
4. Dependencies on Other Framework Components
- Zend_Crypt
5. Theory of Operation
The component is instantiated with an instance of Zend_Crypt_* that supports two-way (reversible) encryption, as opposed to one-way hashing. The developer then passes an XML string to the "encrypt" or "decrypt" method of Zend_Crypt_Xml.
The "encrypt" method searches the XML document for nodes carrying the attribute encrypt="true". Each such node is encrypted with the configured algorithm and replaced by an EncryptedData element.
The elements added to the XML document follow the W3C XML Encryption vocabulary (namespace http://www.w3.org/2001/04/xmlenc#, with KeyInfo taken from http://www.w3.org/2000/09/xmldsig#):
- "EncryptedData" - The element that replaces the original node and contains the three elements below
- "EncryptionMethod" - Names the algorithm that was used (Algorithm attribute)
- "KeyInfo" - Identifies the key that was used; in UC-01 this is the base64-encoded PEM public key, carried in an EncryptedKey element
- "CipherData" - Contains the base64-encoded ciphertext in a CipherValue child
The "decrypt" method searches the XML document for EncryptedData elements. For each one it reads the EncryptionMethod and KeyInfo and decrypts the CipherData with the relevant algorithm. Because KeyInfo carries only the public key, decryption needs the matching private key, which the application must supply at run time and which must never be written into the document or committed alongside it.
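The encrypt/decrypt walk described in this section, as an added example that is not part of the proposal or of Zend Framework. NodeCrypt is a hypothetical class; it assumes PHP 8 with the dom and openssl extensions and uses the element names and namespaces of UC-01. It deviates from UC-01 in one stated respect: UC-01 RSA-encrypts the node contents directly and stores the base64 PEM public key in EncryptedKey, which limits the plaintext to one RSA block (about 214 bytes for RSA-2048 with OAEP). The example instead encrypts the marked element under a random AES-256-GCM data key and RSA-OAEP-wraps that key into KeyInfo/EncryptedKey, which is what XML Encryption defines EncryptedKey for. The whole marked element (not just its children) is encrypted so that decrypt() can restore it, matching the UC-01 output where the credentials element disappears:

```php
<?php
declare(strict_types=1);
// Added example, not Zend_Crypt_Xml or Zend Framework code. NodeCrypt is a hypothetical
// class implementing the encrypt/decrypt walk from section 5 with the UC-01 element layout.
// Deviation from UC-01: the marked element is encrypted under a random AES-256-GCM key and
// that key is RSA-OAEP-wrapped into KeyInfo/EncryptedKey, instead of RSA-encrypting the
// data directly and storing the public key there. Assumes PHP 8 with dom and openssl.

const XMLENC  = 'http://www.w3.org/2001/04/xmlenc#';
const XMLDSIG = 'http://www.w3.org/2000/09/xmldsig#';

final class NodeCrypt
{
    // Encrypting needs only the public key; the private key is supplied at run time
    // for decrypt() and is never written into the document.
    public function __construct(private string $publicPem, private ?string $privatePem = null) {}

    public function encrypt(string $xml): string
    {
        $doc = new DOMDocument();
        $doc->loadXML($xml);
        $xp = new DOMXPath($doc);
        // Outermost marked elements only; copy the list, because replacing nodes while
        // iterating a live DOMNodeList is unsafe.
        $targets = iterator_to_array($xp->query('//*[@encrypt="true"][not(ancestor::*[@encrypt="true"])]'));
        foreach ($targets as $node) {
            $plain = $doc->saveXML($node);   // the whole element, so decrypt() can restore it
            $key = random_bytes(32);
            $iv  = random_bytes(12);         // GCM nonce: must be unique per encryption
            $tag = '';
            $ct  = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
            $wrappedKey = '';
            if ($ct === false
                || !openssl_public_encrypt($key, $wrappedKey, $this->publicPem, OPENSSL_PKCS1_OAEP_PADDING)) {
                throw new RuntimeException('encryption failed: ' . openssl_error_string());
            }
            $enc = $doc->createElementNS(XMLENC, 'EncryptedData');
            $enc->setAttribute('Type', XMLENC . 'Element');
            $enc->appendChild($this->method($doc, 'http://www.w3.org/2009/xmlenc11#aes256-gcm'));
            $keyInfo = $doc->createElementNS(XMLDSIG, 'KeyInfo');
            $encKey  = $doc->createElementNS(XMLENC, 'EncryptedKey');
            $encKey->appendChild($this->method($doc, XMLENC . 'rsa-oaep-mgf1p'));
            $encKey->appendChild($this->cipherData($doc, $wrappedKey));
            $keyInfo->appendChild($encKey);
            $enc->appendChild($keyInfo);
            $enc->appendChild($this->cipherData($doc, $iv . $ct . $tag)); // IV || ciphertext || GCM tag
            $node->parentNode->replaceChild($enc, $node);
        }
        return $doc->saveXML();
    }

    public function decrypt(string $xml): string
    {
        if ($this->privatePem === null) {
            throw new LogicException('decrypt() needs the private key');
        }
        $doc = new DOMDocument();
        $doc->loadXML($xml);
        $xp = new DOMXPath($doc);
        $xp->registerNamespace('xenc', XMLENC);
        $xp->registerNamespace('ds', XMLDSIG);
        foreach (iterator_to_array($xp->query('//xenc:EncryptedData')) as $enc) {
            $wrappedKey = $this->cipherValue($xp, $enc, 'ds:KeyInfo/xenc:EncryptedKey/xenc:CipherData/xenc:CipherValue');
            $blob       = $this->cipherValue($xp, $enc, 'xenc:CipherData/xenc:CipherValue');
            $key = '';
            if (!openssl_private_decrypt($wrappedKey, $key, $this->privatePem, OPENSSL_PKCS1_OAEP_PADDING)) {
                throw new RuntimeException('key unwrap failed: ' . openssl_error_string());
            }
            $plain = openssl_decrypt(substr($blob, 12, -16), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
                                     substr($blob, 0, 12), substr($blob, -16));
            if ($plain === false) {
                throw new RuntimeException('GCM tag check failed: ciphertext or key was altered');
            }
            // Parse the restored element in a scratch document and swap it back in.
            $tmp = new DOMDocument();
            $tmp->loadXML($plain);
            $enc->parentNode->replaceChild($doc->importNode($tmp->documentElement, true), $enc);
        }
        return $doc->saveXML();
    }

    private function method(DOMDocument $doc, string $algorithm): DOMElement
    {
        $m = $doc->createElementNS(XMLENC, 'EncryptionMethod');
        $m->setAttribute('Algorithm', $algorithm);
        return $m;
    }

    private function cipherData(DOMDocument $doc, string $raw): DOMElement
    {
        $cd = $doc->createElementNS(XMLENC, 'CipherData');
        $cd->appendChild($doc->createElementNS(XMLENC, 'CipherValue', base64_encode($raw)));
        return $cd;
    }

    private function cipherValue(DOMXPath $xp, DOMElement $ctx, string $path): string
    {
        $raw = base64_decode((string) $xp->evaluate("string($path)", $ctx), true);
        if ($raw === false || $raw === '') {
            throw new RuntimeException("missing or malformed $path");
        }
        return $raw;
    }
}

// Demo with a throw-away key pair. In a deployment the private key stays outside the
// repository, readable only by the application's service account.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($pair, $privatePem);
$publicPem = openssl_pkey_get_details($pair)['key'];
$before = '<?xml version="1.0"?><configdata><production><credentials encrypt="true">'
        . '<username>bob</username><password>pass123</password></credentials></production></configdata>';
$encrypted = (new NodeCrypt($publicPem))->encrypt($before);
echo $encrypted;                                                  // contains no "pass123"
echo (new NodeCrypt($publicPem, $privatePem))->decrypt($encrypted); // credentials element restored
```

The GCM tag makes decrypt() reject a configuration file whose ciphertext or wrapped key has been altered instead of silently yielding garbage, and the random 12-byte nonce keeps each encryption distinct even when the same credentials are encrypted twice. Nested encrypt="true" markers are handled by encrypting only the outermost marked element, whose ciphertext already covers the inner ones.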
6. Milestones / Tasks
- Milestone 1: [DONE] Proposal
- Milestone 2: Working prototype checked into the incubator
- Milestone 3: Unit tests exist, work, and are checked into SVN.
- Milestone 4: Initial documentation exists.
7. Class Index
- Zend_Crypt_Xml
8. Use Cases
UC-01 Encrypting XML
BEFORE:
======
<?xml version="1.0"?>
<configdata>
  <production>
    <credentials encrypt="true">
      <username>bob</username>
      <password>pass123</password>
    </credentials>
  </production>
</configdata>

AFTER:
======
<?xml version="1.0"?>
<configdata>
  <production>
    <EncryptedData>
      <EncryptionMethod Algorithm="RSA"/>
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
          <CipherData>
            <CipherValue>LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZk1BMEdDU3FHU0liMGGGRUJBUVEEQTRHTkFEQ0JpUUtCZ1FDOW1RSHJxbldMS450M2pseVg1d3d3S3M4TQpVRXF233UvL1oyanVhSjNxYmNhb2tEOUVusXk5TURWc3hzeTAxSjVzWnVGQXVqL1hacjVRekNmL0ViUFk5WE9xCko4d2dERUdhcy9PV0ZSejVLUDVqbE9iQkZoR2lOUXI2RHcrdUNOSDFRMlFiOUdOR0NVWjAxdVRrVVBQZE9QZmEKU1h1RWpKdlExREduaGUzbYURSURBUUFCCi0tLS0tRU5EIFBVQkxJQyBLRVktL50tLQo=</CipherValue>
          </CipherData>
        </EncryptedKey>
      </KeyInfo>
      <CipherData>
        <CipherValue>iLjRe5p5BQDSPZKUbyVGGHRDEJB84mpRRzBw8ysrXWKYnCAWkE46cUDcy1avfAsJbItIegYv6WsbTHB+M1zbWy+o8+Jwa9lglhakgH0DznNA2z2Mo5BRDT7el0S56MbsB7E3v+yTDjF5bqynpao040PDKum6/elsTXm+vEAYrk=</CipherValue>
      </CipherData>
    </EncryptedData>
  </production>
</configdata>

The CipherValue inside EncryptedKey is the base64 encoding of the PEM public key that was used (it decodes to "-----BEGIN PUBLIC KEY-----"); the CipherValue inside the outer CipherData is the base64-encoded RSA ciphertext of the credentials node. The credentials element itself no longer appears in the output, so decryption must restore it from the ciphertext.