Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We're retiring the forums!

The SilverStripe forums have passed their heyday. They'll stick around, but will be read only. We'd encourage you to get involved in the community via the following channels instead:

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Encrypting Data using OnBeforeWrite


Go to End


18 Posts   5367 Views

Avatar
zenmonkey

Community Member, 545 Posts

14 December 2010 at 5:02am

I'm working on an application that may need to store sensitive medical information and I was wondering can fields be encrypted/decrypted using AES_ENCRYPT() and AES_DECRYPT() or others using standard DataObject Write and Get methods? Or would I need to use an onBeforeWrite() and create functions to Manually Decrypt later?

Cheers

Avatar
zenmonkey

Community Member, 545 Posts

20 December 2010 at 2:10pm

I've decided to try using onBeforeWrite. here is my code:

    function onBeforeWrite(){
    	$modes = mcrypt_list_modes();
    	
    	/* Open the cipher */
    	$td = mcrypt_module_open('rijndael-128', '', 'ecb', '');
    	
    	/* Create the IV and determine the keysize length, use MCRYPT_RAND
		 * on Windows instead */
		$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_DEV_RANDOM);
		$ks = mcrypt_enc_get_key_size($td);
		
		/* Create key */
		$key = substr(md5('very secret key'), 0, $ks);
    	
    	/* Intialize encryption */
	    mcrypt_generic_init($td, $key, $iv);
	    
	    $toEncrypt = $this->FirstName;
	    
	    $encrypted = mcrypt_generic($td, $toEncrypt);
	    
	    $this->setField("FirstName", $encrypted);
	    
	    /* Terminate encryption handler */
		mcrypt_generic_deinit($td);
		mcrypt_module_close($td);

    	
    	parent::onBeforeWrite();
    }

The data encrypts but won't write to the DB. is this because SilverStripe is escaping any non standard alphanumeric characters? If so how do I override

Thanks

Avatar
cumquat

Community Member, 201 Posts

8 December 2011 at 7:50pm

Hi ya,

this is something i may also need to do, did you find a suitable solution?

Regards

Mick

Avatar
zenmonkey

Community Member, 545 Posts

9 December 2011 at 3:03am

Yes, I found a solution. It turns out AES_ENCRYPT() converts the data into a binary blob, so you need to use base64_encode on the value before you can write it to the Database and base64_decode on the other end.

A word of warning on host choices though, the client used GoDaddy VPS against my advice and their default PHP install doesn't include the MCRYPT module so when I installed it on the server everything failed until I manually patched the MCRYPT module onto the server.

Avatar
cumquat

Community Member, 201 Posts

10 December 2011 at 12:00am

Cheers for that,

I'm just looking at the code now to see if it's something I can do easily enough.

Regards

Mick

Avatar
cumquat

Community Member, 201 Posts

3 May 2012 at 2:59am

Hi ya,

I'm having a play finally with the code and like you it won't write to the database, I know you mentioned that it needed to be base64 encoded is there any chance you can paste your code where you do this I have tried it with no luck so far.

Regards

Mick

Avatar
zenmonkey

Community Member, 545 Posts

3 May 2012 at 11:18am

Okay here is my full onBeforeWrite and encryption function http://pastie.org/3851142

Hopefully it helps

Avatar
cumquat

Community Member, 201 Posts

3 May 2012 at 7:27pm

Many thanks for that, i had missed out the = in the

$this->FirstName = base64_encode($encrypted[0]);
and as im doing this on a decorator i had also missed the
 $this->owner-> 
as well.
I'm entering this data via modeladmin how would i call the decrypt function for the couple of encrypted fields in the CMS?

Mick

Go to Top