You are here

Home » API reference » AES encryption 5

README.txt in AES encryption 5

Same filename and directory in other branches
  1. 8.2 README.txt
  2. 6 README.txt
  3. 7 README.txt
; $Id $

WHAT THIS MODULE IS GOOD FOR
----------------------
This module can basically be useful in 2 ways:
1. For making your users passwords viewable by admins.
2. As a very simple general purpose AES encryption system to use in other modules.

REQUIREMENTS
----------------------
This module requires that PHP has the mcrypt extension installed. If you're on a shared host, this may not be the case and unfortunately your only option then is to mail their support and ask for it.
As far as I can tell, this module also requires a PHP version of at least 4.3.0. However this module has NOT been tested on anything less 
than PHP 5.2.

Also note that although this module SHOULD work on Windows and with a MySQL database, it has only been tested on Linux with a PostgreSQL 
database.

ABOUT KEY STORAGE METHODS
----------------------
Something you should pay attention to (if you want any sort of security) is how you store your encryption key. You have the option of storing it in the database as a normal Drupal variable, this is also the default, but it's the default only because there is no good standard location to store it. Switching to a file-based storage is strongly encouraged since storing the key in the same database as your encrypted strings will sort of nullify the point of them being encrypted in the first place. Also make sure to set the permission on the keyfile to be as restrictive as possible, assuming you're on a unix-like system running apache, I recommend setting the ownership of the file to apache with the owner being the only one allowed to read and write to it (0600). Naturally this isn't ideal either, but I haven't been able to figure out a more secure way for now. If you got any ideas, please let me know.

File

README.txt
View source 
  1. ; $Id $

  2. 

  3. WHAT THIS MODULE IS GOOD FOR

  4. ----------------------

  5. This module can basically be useful in 2 ways:

  6. 1. For making your users passwords viewable by admins.

  7. 2. As a very simple general purpose AES encryption system to use in other modules.

  8. 

  9. REQUIREMENTS

  10. ----------------------

  11. This module requires that PHP has the mcrypt extension installed. If you're on a shared host, this may not be the case and unfortunately your only option then is to mail their support and ask for it.

  12. As far as I can tell, this module also requires a PHP version of at least 4.3.0. However this module has NOT been tested on anything less 

  13. than PHP 5.2.

  14. 

  15. Also note that although this module SHOULD work on Windows and with a MySQL database, it has only been tested on Linux with a PostgreSQL 

  16. database.

  17. 

  18. ABOUT KEY STORAGE METHODS

  19. ----------------------

  20. Something you should pay attention to (if you want any sort of security) is how you store your encryption key. You have the option of storing it in the database as a normal Drupal variable, this is also the default, but it's the default only because there is no good standard location to store it. Switching to a file-based storage is strongly encouraged since storing the key in the same database as your encrypted strings will sort of nullify the point of them being encrypted in the first place. Also make sure to set the permission on the keyfile to be as restrictive as possible, assuming you're on a unix-like system running apache, I recommend setting the ownership of the file to apache with the owner being the only one allowed to read and write to it (0600). Naturally this isn't ideal either, but I haven't been able to figure out a more secure way for now. If you got any ideas, please let me know.