You are here

Home » API reference » Real AES 8.2

README.txt in Real AES 8.2

Same filename and directory in other branches
  1. 8 README.txt
  2. 7.2 README.txt
  3. 7 README.txt
## Overview

Real AES provides an encryption method plugin for the
[Encrypt](https://drupal.org/project/encrypt) module. This plugin offers AES encryption
using CBC mode and HMAC authentication through the
[Defuse PHP-Encryption](https://github.com/defuse/php-encryption) library.

## Requirements

- PHP 5.4 or later, with the OpenSSL extension
- Defuse PHP-Encryption library

## Installation

Install the Drupal 8 version of Real AES using Composer, after ensuring that your
composer.json file includes packages.drupal.org/8 as a repository:

`composer require drupal/real_aes`

## Configuration

Configure your site for encryption in Drupal 8 as follows:

1. Enable Real AES, Encrypt, and Key
2. Create a key using the Key module (at /admin/config/system/keys/add)
	 - Select "Encryption" for the key type
	 - Select "256" for the key size
	 - Select your preferred key provider and enter provider-specific settings
	 - The Configuration provider is fine for use during development, but should not be
	 	used on a production website
	 - The File provider is more secure, especially if the file is stored outside of the
	 	web root directory
	 - An even more secure option would be to use an off-site key management service, such
	 	as [Lockr](https://www.drupal.org/project/lockr) or
	 	[Townsend Security's Alliance Key Manager](https://www.drupal.org/project/townsec_key)
	 - Click "Save"
3. Create an encryption profile using the Encrypt module (at
   /admin/config/system/encryption/profiles/add)
	 - Select "Authenticated AES (Real AES)" for the encryption method
	 - Select the name of the key definition you created in step 2
	 - Click "Save"
4. Test your encryption by selecting "Test" under "Operations" for the encryption
   profile on the profiles listing page (/admin/config/system/encryption/profiles)

## About Authenticated Encryption

Authenticated encryption ensures data integrity of the ciphertext. When decrypting,
integrity is checked first. Further decryption operations will only be executed when the
integrity check passes. This prevents certain ciphertext attacks on AES in CBC mode.

## Credits

This module was created by [LimoenGroen](https://limoengroen.nl/) after carefully
considering the various encryption modules and libraries available.

The port to Drupal 8 was performed by [Sven Decabooter](/u/svendecabooter), supported by
[Acquia](https://www.acquia.com/).

The library doing the actual work,
[Defuse PHP-Encryption](https://github.com/defuse/php-encryption), is maintained by
Taylor Hornby and Scott Arciszewski

File

README.txt
View source 
  1. ## Overview

  2. 

  3. Real AES provides an encryption method plugin for the

  4. [Encrypt](https://drupal.org/project/encrypt) module. This plugin offers AES encryption

  5. using CBC mode and HMAC authentication through the

  6. [Defuse PHP-Encryption](https://github.com/defuse/php-encryption) library.

  7. 

  8. ## Requirements

  9. 

  10. - PHP 5.4 or later, with the OpenSSL extension

  11. - Defuse PHP-Encryption library

  12. 

  13. ## Installation

  14. 

  15. Install the Drupal 8 version of Real AES using Composer, after ensuring that your

  16. composer.json file includes packages.drupal.org/8 as a repository:

  17. 

  18. `composer require drupal/real_aes`

  19. 

  20. ## Configuration

  21. 

  22. Configure your site for encryption in Drupal 8 as follows:

  23. 

  24. 1. Enable Real AES, Encrypt, and Key

  25. 2. Create a key using the Key module (at /admin/config/system/keys/add)

  26. 	 - Select "Encryption" for the key type

  27. 	 - Select "256" for the key size

  28. 	 - Select your preferred key provider and enter provider-specific settings

  29. 	 - The Configuration provider is fine for use during development, but should not be

  30. 	 	used on a production website

  31. 	 - The File provider is more secure, especially if the file is stored outside of the

  32. 	 	web root directory

  33. 	 - An even more secure option would be to use an off-site key management service, such

  34. 	 	as [Lockr](https://www.drupal.org/project/lockr) or

  35. 	 	[Townsend Security's Alliance Key Manager](https://www.drupal.org/project/townsec_key)

  36. 	 - Click "Save"

  37. 3. Create an encryption profile using the Encrypt module (at

  38.    /admin/config/system/encryption/profiles/add)

  39. 	 - Select "Authenticated AES (Real AES)" for the encryption method

  40. 	 - Select the name of the key definition you created in step 2

  41. 	 - Click "Save"

  42. 4. Test your encryption by selecting "Test" under "Operations" for the encryption

  43.    profile on the profiles listing page (/admin/config/system/encryption/profiles)

  44. 

  45. ## About Authenticated Encryption

  46. 

  47. Authenticated encryption ensures data integrity of the ciphertext. When decrypting,

  48. integrity is checked first. Further decryption operations will only be executed when the

  49. integrity check passes. This prevents certain ciphertext attacks on AES in CBC mode.

  50. 

  51. ## Credits

  52. 

  53. This module was created by [LimoenGroen](https://limoengroen.nl/) after carefully

  54. considering the various encryption modules and libraries available.

  55. 

  56. The port to Drupal 8 was performed by [Sven Decabooter](/u/svendecabooter), supported by

  57. [Acquia](https://www.acquia.com/).

  58. 

  59. The library doing the actual work,

  60. [Defuse PHP-Encryption](https://github.com/defuse/php-encryption), is maintained by

  61. Taylor Hornby and Scott Arciszewski