<ac:macro ac:name="unmigrated-inline-wiki-markup"><ac:plain-text-body><![CDATA[{zone-template-instance:ZFPROP:Proposal Zone Template}
{zone-data:component-name}
Zend_Crypt_Xml
{zone-data}

{zone-data:proposer-list}
[Steven George|mailto:steven.george@deakin.edu.au]
{zone-data}

{zone-data:liaison}
TBD
{zone-data}

{zone-data:revision}
1.0 - 17 July 2012: Initial Draft.
{zone-data}

{zone-data:overview}
Sensitive data that PHP applications keep on the file system needs protecting. Passwords and other sensitive data should never be stored in plain text.

Zend_Crypt_Xml is a class that encrypts selected nodes of an XML document. It would typically be used to encrypt credentials in a configuration file. The class then decrypts that data at run-time, in memory only, so plain-text passwords are never persisted anywhere, neither on the filesystem nor in a revision control system.
{zone-data}

{zone-data:references}
* (none)
{zone-data}

{zone-data:requirements}
* This component will encrypt sections of an XML document.
* This component will rely on other components of the Zend_Crypt package to perform the encryption itself.
* This component will require the developer to generate a public/private key pair.
* This component will require the developer to specify an encryption method.
* We recommend building a simple web UI on top of this component to facilitate the encryption process.
{zone-data}

{zone-data:dependencies}
* Zend_Crypt
{zone-data}

{zone-data:operation}
The component is instantiated with an instance of a Zend_Crypt_* class that supports two-way encryption. The developer can then pass an XML string to the "encrypt" or "decrypt" method of Zend_Crypt_Xml.

The "encrypt" method searches the XML document for nodes carrying the attribute encrypt="true". The contents of each such node are encrypted using the given algorithm.

A number of elements are added to the XML document:

* "EncryptionMethod" - Names the encryption method that was used
* "KeyInfo" - Provides the key
* "CipherData" - Contains the data package
* "EncryptedData" - Contains the encrypted data

The "decrypt" method searches the XML document for encrypted nodes. For each one it reads the encryption method and key and decrypts using the relevant algorithm.

{zone-data}

{zone-data:milestones}
* Milestone 1: \[DONE\] Proposal
* Milestone 2: Working prototype checked into the incubator
* Milestone 3: Unit tests exist, work, and are checked into SVN.
* Milestone 4: Initial documentation exists.
{zone-data}

{zone-data:class-list}
* Zend_Crypt_Xml
{zone-data}

{zone-data:use-cases}
h4. UC-01 Encrypting XML
{html}
<pre>
BEFORE:
======

&lt;?xml version=&quot;1.0&quot;?&gt;
&lt;configdata&gt;
    &lt;production&gt;
        &lt;credentials encrypt=&quot;true&quot;&gt;
            &lt;username&gt;bob&lt;/username&gt;
            &lt;password&gt;pass123&lt;/password&gt;
        &lt;/credentials&gt;
    &lt;/production&gt;
&lt;/configdata&gt;

</pre>
{html}

{code}
// A two-way Zend_Crypt_* provider; Zend_Crypt_Rsa takes its key through an options array
$crypt = new Zend_Crypt_Xml(new Zend_Crypt_Rsa(array('pemPath' => '/path/to/privatekey.pem')));
// Every node carrying encrypt="true" is replaced by an EncryptedData element
$encryptedData = $crypt->encrypt($xml);
{code}

{html}
<pre>

AFTER:
======

&lt;?xml version=&quot;1.0&quot;?&gt;
&lt;configdata&gt;
    &lt;production&gt;
        &lt;EncryptedData&gt;&lt;EncryptionMethod Algorithm=&quot;RSA&quot;/&gt;&lt;KeyInfo xmlns=&quot;http://www.w3.org/2000/09/xmldsig#&quot;&gt;&lt;EncryptedKey xmlns=&quot;http://www.w3.org/2001/04/xmlenc#&quot;&gt;&lt;CipherData&gt;&lt;CipherValue&gt;LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZk1BMEdDU3FHU0liMGGGRUJBUVEEQTRHTkFEQ0JpUUtCZ1FDOW1RSHJxbldMS450M2pseVg1d3d3S3M4TQpVRXF233UvL1oyanVhSjNxYmNhb2tEOUVusXk5TURWc3hzeTAxSjVzWnVGQXVqL1hacjVRekNmL0ViUFk5WE9xCko4d2dERUdhcy9PV0ZSejVLUDVqbE9iQkZoR2lOUXI2RHcrdUNOSDFRMlFiOUdOR0NVWjAxdVRrVVBQZE9QZmEKU1h1RWpKdlExREduaGUzbYURSURBUUFCCi0tLS0tRU5EIFBVQkxJQyBLRVktL50tLQo=&lt;/CipherValue&gt;&lt;/CipherData&gt;&lt;/EncryptedKey&gt;&lt;/KeyInfo&gt;&lt;CipherData&gt;&lt;CipherValue&gt;iLjRe5p5BQDSPZKUbyVGGHRDEJB84mpRRzBw8ysrXWKYnCAWkE46cUDcy1avfAsJbItIegYv6WsbTHB+M1zbWy+o8+Jwa9lglhakgH0DznNA2z2Mo5BRDT7el0S56MbsB7E3v+yTDjF5bqynpao040PDKum6/elsTXm+vEAYrk=&lt;/CipherValue&gt;&lt;/CipherData&gt;&lt;/EncryptedData&gt;
    &lt;/production&gt;
&lt;/configdata&gt;

</pre>
{html}


h4. UC-02 Decrypting XML
{code}
// Same provider and key as used for encryption in UC-01
$crypt = new Zend_Crypt_Xml(new Zend_Crypt_Rsa(array('pemPath' => '/path/to/privatekey.pem')));
// Each EncryptedData element is decrypted in memory and the original node restored
$xml = $crypt->decrypt($encryptedData);
{code}
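The encrypt/decrypt walk described in the operation section and exercised by UC-01 and UC-02, as an added example that is not part of this proposal or of Zend Framework: DOMDocument and PHP's openssl extension (RSA-OAEP) stand in for the Zend_Crypt_* provider, the KeyInfo element is omitted, and the key pair and sample config are constructed in the script. The decrypt side accepts only the algorithm configured in code, not whichever one the document names.

```php
<?php
// Added example (not Zend Framework code): DOMDocument + openssl in place of Zend_Crypt_*.
function xmlEncryptNodes(string $xml, string $publicKeyPem): string
{
    $doc = new DOMDocument(); $doc->loadXML($xml, LIBXML_NONET); // no external entity or network fetches
    $xpath = new DOMXPath($doc);
    foreach ($xpath->query('//*[@encrypt="true"]') as $node) {
        // The whole marked element is the plaintext so decrypt can restore it verbatim;
        // one RSA-OAEP block holds at most keybits/8 - 42 bytes, enough for credentials.
        if (!openssl_public_encrypt($doc->saveXML($node), $cipher, $publicKeyPem, OPENSSL_PKCS1_OAEP_PADDING)) {
            throw new RuntimeException('encrypt failed: ' . openssl_error_string());
        }
        $enc = $doc->createElement('EncryptedData');
        $enc->appendChild($doc->createElement('EncryptionMethod'))->setAttribute('Algorithm', 'RSA-OAEP');
        $enc->appendChild($doc->createElement('CipherData'))
            ->appendChild($doc->createElement('CipherValue', base64_encode($cipher)));
        $node->parentNode->replaceChild($enc, $node);    // the plaintext element leaves the tree
    }
    return $doc->saveXML();
}

function xmlDecryptNodes(string $xml, string $privateKeyPem): string
{
    $doc = new DOMDocument(); $doc->loadXML($xml, LIBXML_NONET);
    $xpath = new DOMXPath($doc);
    foreach ($xpath->query('//EncryptedData') as $enc) {
        // The file is untrusted input: honour only the algorithm configured here, never one
        // the document names, and reject malformed base64 before the private key is used.
        if ($xpath->evaluate('string(EncryptionMethod/@Algorithm)', $enc) !== 'RSA-OAEP') {
            throw new RuntimeException('unsupported EncryptionMethod');
        }
        $cipher = base64_decode($xpath->evaluate('string(CipherData/CipherValue)', $enc), true);
        if ($cipher === false || !openssl_private_decrypt($cipher, $plain, $privateKeyPem, OPENSSL_PKCS1_OAEP_PADDING)) {
            throw new RuntimeException('decrypt failed: ' . openssl_error_string());
        }
        $frag = $doc->createDocumentFragment();
        $frag->appendXML($plain);                        // the original <credentials> element
        $enc->parentNode->replaceChild($frag, $enc);
    }
    return $doc->saveXML();
}

// Demo with a throwaway key pair and the proposal's sample config (both constructed here).
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($key, $privatePem);
$publicPem = openssl_pkey_get_details($key)['key'];
$xml = '<?xml version="1.0"?><configdata><production><credentials encrypt="true">'
     . '<username>bob</username><password>pass123</password></credentials></production></configdata>';
$encrypted = xmlEncryptNodes($xml, $publicPem);
assert(strpos($encrypted, 'pass123') === false);          // no plaintext left for the file system
assert(strpos(xmlDecryptNodes($encrypted, $privatePem), '<password>pass123</password>') !== false);
```

Because the encrypted element still carries encrypt="true" after decryption, a decrypted document can be re-encrypted with the same call.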

{zone-data}

{zone-data:skeletons}
{code}
class Zend_Crypt_Xml
{
    /**
     * @param Zend_Crypt $encryptionProvider The Zend_Crypt_* instance to use for encryption
     */
    public function __construct($encryptionProvider = null)
    {

    }

    /**
     * @param string $xml The XML document as a string
     *
     * @return string|false The encrypted XML document as a string, or false if no data was found to encrypt
     */
    public function encrypt($xml)
    {

    }

    /**
     * @param string $xml The XML document as a string
     *
     * @return string|false The decrypted XML document as a string, or false if no encrypted data was found
     */
    public function decrypt($xml)
    {

    }
}
{code}
{zone-data}

{zone-template-instance}]]></ac:plain-text-body></ac:macro>