
<ac:macro ac:name="unmigrated-inline-wiki-markup"><ac:plain-text-body><![CDATA[

Zend Framework: Zend_Crypt_Xml Component Proposal

Proposed Component Name: Zend_Crypt_Xml
Developer Notes: http://framework.zend.com/wiki/display/ZFDEV/Zend_Crypt_Xml
Proposers: Steven George
Zend Liaison: TBD
Revision: 1.0 - 17 July 2012: Initial Draft. (wiki revision: 4)

1. Overview

In a world where security is paramount, there is a need to secure sensitive data that PHP applications store on the file system. Passwords and other sensitive data should never be stored in plain text.

Zend_Crypt_Xml is a class that encrypts nodes of an XML document. It would typically be used to encrypt credentials in a configuration file. The class then allows the encrypted data to be decrypted at run-time (in memory). This means that plain-text passwords are never stored anywhere, including on the filesystem or in revision control systems.

2. References

  • (none)

3. Component Requirements, Constraints, and Acceptance Criteria

  • This component will encrypt sections of an XML document.
  • This component will rely on other components of the Zend_Crypt package to aid the encryption activity.
  • This component will require the developer to generate a public / private key set.
  • This component will require the developer to specify an encryption method.
  • We recommend building a simple web UI on top of this component to facilitate the encryption process.

4. Dependencies on Other Framework Components

  • Zend_Crypt

5. Theory of Operation

The component is instantiated by passing it an instance of Zend_Crypt_* that supports two-way encryption. Once it is instantiated, the developer can pass an XML string to the "encrypt" or "decrypt" methods of Zend_Crypt_Xml.

The "encrypt" method will search the XML document for nodes that carry the attribute 'encrypt="true"'. The contents of each such node will be encrypted using the given algorithm.

A number of elements will be added to the XML document:

  • "EncryptionMethod" - Outlines the encryption method that was used
  • "KeyInfo" - Provides the key
  • "CipherData" - Contains the data package
  • "EncryptedData" - Contains the encrypted data

The "decrypt" method will search the XML document for encrypted nodes. For each one found, the method will read the encryption method and key and decrypt using the relevant algorithm.
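
The encrypt/decrypt flow described above, as an added example that is not the proposal's code and does not use Zend_Crypt. Assumptions: PHP's dom and openssl extensions with AES-256-GCM stand in for the Zend_Crypt_* instance, the four elements are nested as in W3C XML Encryption, and "KeyInfo" carries only a key name (the hypothetical 'config-key-1') so the key itself stays outside the file.

```php
<?php
// Added example, not Zend_Crypt_Xml code. Assumes ext-dom, ext-openssl (PHP >= 7.1),
// AES-256-GCM, and a KeyInfo that carries only a key *name*; the key stays outside the file.
const CIPHER = 'aes-256-gcm';
function encryptMarkedNodes(string $xml, string $key, string $keyName): string
{
    $doc = new DOMDocument();
    $doc->loadXML($xml, LIBXML_NONET);                 // no network access while parsing
    // Outermost marked nodes only: nested ones are covered by their ancestor.
    $marked = (new DOMXPath($doc))->query('//*[@encrypt="true"][not(ancestor::*[@encrypt="true"])]');
    foreach (iterator_to_array($marked) as $node) {
        $plain = '';
        foreach ($node->childNodes as $c) { $plain .= $doc->saveXML($c); }  // serialize contents
        $iv = random_bytes(12);                        // fresh nonce for every node
        $ct = openssl_encrypt($plain, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
        while ($node->firstChild) { $node->removeChild($node->firstChild); } // drop the plaintext
        $node->removeAttribute('encrypt');             // so a second pass does not re-encrypt
        $enc = $node->appendChild($doc->createElement('EncryptedData'));
        $enc->appendChild($doc->createElement('EncryptionMethod'))->setAttribute('Algorithm', CIPHER);
        $enc->appendChild($doc->createElement('KeyInfo'))->appendChild($doc->createTextNode($keyName));
        $enc->appendChild($doc->createElement('CipherData', base64_encode($iv . $tag . $ct)));
    }
    return $doc->saveXML();
}
function decryptNodes(string $xml, array $keyring): string
{
    $doc = new DOMDocument();
    $doc->loadXML($xml, LIBXML_NONET);
    $xp = new DOMXPath($doc);
    foreach (iterator_to_array($xp->query('//EncryptedData')) as $enc) {
        // Pin the algorithm instead of trusting whatever the document names.
        if ($xp->evaluate('string(EncryptionMethod/@Algorithm)', $enc) !== CIPHER) {
            throw new RuntimeException('unsupported EncryptionMethod');
        }
        $key = $keyring[$xp->evaluate('string(KeyInfo)', $enc)] ?? '';
        $raw = base64_decode($xp->evaluate('string(CipherData)', $enc));
        // Layout written by encryptMarkedNodes(): 12-byte IV, 16-byte GCM tag, ciphertext.
        $plain = openssl_decrypt(substr($raw, 28), CIPHER, $key, OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
        if ($plain === false) { throw new RuntimeException('wrong key or tampered data'); }
        $frag = $doc->createDocumentFragment();
        $frag->appendXML($plain);                      // restore the original child nodes
        $enc->parentNode->replaceChild($frag, $enc);
    }
    return $doc->saveXML();
}
// Constructed sample input, modelled on UC-01.
$xml = '<configdata><production><credentials encrypt="true"><username>bob</username><password>pass123</password></credentials></production></configdata>';
$key = random_bytes(32);                               // in practice loaded from outside the repository
$encrypted = encryptMarkedNodes($xml, $key, 'config-key-1');
echo $encrypted, decryptNodes($encrypted, ['config-key-1' => $key]);
```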

6. Milestones / Tasks

  • Milestone 1: [DONE] Proposal
  • Milestone 2: Working prototype checked into the incubator
  • Milestone 3: Unit tests exist, work, and are checked into SVN.
  • Milestone 4: Initial documentation exists.

7. Class Index

  • Zend_Crypt_Xml

8. Use Cases

UC-01 Encrypting XML

<pre>
BEFORE:
======

<?xml version="1.0"?>
<configdata>
  <production>
    <credentials encrypt="true">
      <username>bob</username>
      <password>pass123</password>
    </credentials>
  </production>
</configdata>

</pre>

UC-02 Decrypting XML

9. Class Skeletons

]]></ac:plain-text-body></ac:macro>
