Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba

Encrypting Data using OnBeforeWrite


Go to End
Reply


18 Posts   3903 Views

Avatar
zenmonkey

Community Member, 541 Posts

14 December 2010 at 5:02am

I'm working on an application that may need to store sensitive medical information and I was wondering can fields be encrypted/decrypted using AES_ENCRYPT() and AES_DECRYPT() or others using standard DataObject Write and Get methods? Or would I need to use an onBeforeWrite() and create functions to Manually Decrypt later?

Cheers

Avatar
zenmonkey

Community Member, 541 Posts

20 December 2010 at 2:10pm

I've decided to try using onBeforeWrite. here is my code:

    function onBeforeWrite(){
    	$modes = mcrypt_list_modes();
    	
    	/* Open the cipher */
    	$td = mcrypt_module_open('rijndael-128', '', 'ecb', '');
    	
    	/* Create the IV and determine the keysize length, use MCRYPT_RAND
		 * on Windows instead */
		$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_DEV_RANDOM);
		$ks = mcrypt_enc_get_key_size($td);
		
		/* Create key */
		$key = substr(md5('very secret key'), 0, $ks);
    	
    	/* Intialize encryption */
	    mcrypt_generic_init($td, $key, $iv);
	    
	    $toEncrypt = $this->FirstName;
	    
	    $encrypted = mcrypt_generic($td, $toEncrypt);
	    
	    $this->setField("FirstName", $encrypted);
	    
	    /* Terminate encryption handler */
		mcrypt_generic_deinit($td);
		mcrypt_module_close($td);

    	
    	parent::onBeforeWrite();
    }

The data encrypts but won't write to the DB. is this because SilverStripe is escaping any non standard alphanumeric characters? If so how do I override

Thanks

Avatar
cumquat

Community Member, 200 Posts

8 December 2011 at 7:50pm

Hi ya,

this is something i may also need to do, did you find a suitable solution?

Regards

Mick

Avatar
zenmonkey

Community Member, 541 Posts

9 December 2011 at 3:03am

Yes, I found a solution. It turns out AES_ENCRYPT() converts the data into a binary blob, so you need to use base64_encode on the value before you can write it to the Database and base64_decode on the other end.

A word of warning on host choices though, the client used GoDaddy VPS against my advice and their default PHP install doesn't include the MCRYPT module so when I installed it on the server everything failed until I manually patched the MCRYPT module onto the server.

Avatar
cumquat

Community Member, 200 Posts

10 December 2011 at 12:00am

Cheers for that,

I'm just looking at the code now to see if it's something I can do easily enough.

Regards

Mick

Avatar
cumquat

Community Member, 200 Posts

3 May 2012 at 2:59am

Hi ya,

I'm having a play finally with the code and like you it won't write to the database, I know you mentioned that it needed to be base64 encoded is there any chance you can paste your code where you do this I have tried it with no luck so far.

Regards

Mick

Avatar
zenmonkey

Community Member, 541 Posts

3 May 2012 at 11:18am

Okay here is my full onBeforeWrite and encryption function http://pastie.org/3851142

Hopefully it helps

Avatar
cumquat

Community Member, 200 Posts

3 May 2012 at 7:27pm

Many thanks for that, i had missed out the = in the

$this->FirstName = base64_encode($encrypted[0]);
and as im doing this on a decorator i had also missed the
 $this->owner-> 
as well.
I'm entering this data via modeladmin how would i call the decrypt function for the couple of encrypted fields in the CMS?

Mick

Go to Top