TopicCryptPlugin

Encrypt parts of a topic for privacy and add digital signatures to topics

TWiki has no efficient way to restrict topic viewing from a list of users or a list of groups. Moreover one may want to forbid only parts of a topic to some users and not the whole page (e.g. hide some columns of a table). The goal of this plugin is to allow to crypt some parts of a topic when storing it into the filesystem of the hosting machine and offers the posibility to atach a digital signature for the topic content. The crypted parts are automatically decrypted before viewing or editing the topic. The advantage of this method is to defeat the use of some directives such as SEARCH for accessing to hidden (crypted) parts. Its direct drawback is that the hidden (crypted) parts cannot be taken into account by directives such as SEARCH which use direct access to the topic and then will find the crypted version of texts even when running for authorized users.

Syntax Rules

There are 3 main directives for handling topic crypting. A directive to set general crypting options, a directive to set table crypting options and a directive to encrypt a text. There are also 3 directives used for the digital signature.

%CRYPT_OPTIONS{...}%

The directive for options is

%CRYPT_OPTIONS{...}%

and can occur in the beginning of the topic to have effect on all crypting directives. This header directive can be overrided by another

%CRYPT_OPTIONS{...}%

placed at the beginning of a line, this directive apply to all crypting directives in the same line. The list of settings controled by a

%CRYPT_OPTIONS{...}%

is given in the following table:

Setting	Description	Default
method	method to use to crypt the text	base64
aclmode	precise the behaviour of ACL options	append
allowtextread	users and groups allowed to view crypted text (or * as a wildcard for everybody)	initial user who typed the text to be crypted
allowtextchange	users and groups allowed to modify crypted text (or * as a wildcard for everybody)	initial user who typed the text to be crypted
denytextread	users and groups that cannot view crypted text	void
denytextchange	users and groups that cannot modify crypted text	void
begin	shortcut delimiter for crypted text beginning	{{
end	shortcut delimiter for crypted text ending	}}
alt	an alternative string to be displayed when user is not allowed to decrypt text	void string

You can only specify base64 or rsa_xxx as crypting methods (where "xxx" stands for the name of a symetric key encryption algorithm; you ca choose between "rc4" or "rijndael"). The base64 method is totaly insecure (a mere base64 encoding) and is used only for demonstration and trial purposes. For production you must use the rsa_xxx method (for each text to be crypted, a key is generated and used to crypt the text, both this crypted text and the symetric key ciphered using the global RSA key - see below in Settings section - are saved into the topic). The lists of users and groups are comma separated lists. The list is appended to lists defined by previous setting directives unless the aclmode is set to override.

%CRYPT_TABLE_OPTIONS{...}%

This directive is used for setting crypting options for a table. It should appear in a line previous to the table itself.This feature allows a user to specify a special column in a table by inserting the following html comment in the column name <!--UserIDCol-->. Each field of this column will contain a list of twiki ids. The crypted directives found on the rows of the table will be crypted with view permission only for the users specifed in this column. The edit permissions of the the crypted texts from the table will be those set in the

%CRYPT_TABLE_OPTIONS{...}%

or the global ones.
The

%CRYPT_TABLE_OPTIONS{...}%

directive is intended so that a user can specify who is allowed to edit the crypted texts from the table or the alt option (an alternative string to be displayed when user is not allowed to decrypt text).

%CRYPT_BEGIN{...}% and %CRYPT_END%

A text to be crypted must be enclosed between the directives

%CRYPT_BEGIN{...}%

and

%CRYPT_END%

. The

%CRYPT_BEGIN{...}%

directive can take the same options as directive

%CRYPT_SETTINGS{...}%

. Another way to specify a text to be crypted is to use the shortcuts which default to

{{

and

}}

but it is not possible with this method to alter crypting settings. When one is allowed to edit a topic (by standard TWiki access control methods) and not allowed to edit some crypted texts, these texts appear in crypted form into a

directive. If the user delete or change the textual order of one of these directives it will not be allowed to save its changes. When viewing a topic, the crypted texts a user is not allowed to see are replaced by an alternative text which default to a void string.

%SIGNPAGE%

When inserted in the edit box this directive generates a "Sign" button. When pressed, a hash of the topic text is added in the page meta data.

%VALID_SIGNATURES% and %OUTDATED_SIGNATURES%

This directives are expanded into: "Valid Signatures: signature(date time),..." and "Outdated Signatures: signature(date time),...". This directives were intented to be introduced in the skin templates(for example: view.pattern.tmpl) by the admin of twiki site, so the signatures can't be modified by users.

Examples

The text below is crypted. You should see it only if you are authorized to decrypt it:

{{crypted text}}
%CRYPT_OPTIONS{allowtextread="toto"}%
{{other crypted text}}
%CRYPT_OPTIONS{allowtextread="titi"}%{{another other crypted text}}

%CRYPT_TABLE_OPTIONS{allowtextchange="TestUser1,TestUser2"}%
|*Col0*|*TWikiID*|*Col2*|
|{{line1,col0,(view 1,2)}}|TestUser2, TestUser1|{{line1,col2,(view 1,2)}}|
|{{line2,col0,(view 1,3)}}|TestUser3, TestUser1|{{line2,col2,(view 1,3)}}|

TopicCryptPlugin Settings

Plugin settings are stored as preferences variables. To reference a plugin setting write %<plugin>_<setting>%, i.e. %TOPICCRYPTPLUGIN_SHORTDESCRIPTION%

• One line description, is shown in the TextFormattingRules topic:
  • Set SHORTDESCRIPTION = Encrypt parts of a topic for privacy and add digital signatures to topics
• The default crypting method to use (change to rsa_rca4 if you want this plugin to be useful):
  • Set DEFAULT_METHOD = rsa_rc4
• Maximum number of signatures on a topic: (See output in data/debug.txt)
  • Set MAX_SIGNATURES = 5
• Debug plugin: (See output in data/debug.txt)
  • Set DEBUG = 1

Plugin Installation Instructions

• Download the tarball file from the Plugin web (see below)
• Untar TopicCryptPlugin.tgz in your twiki installation directory. Content:

  File:	Description:
  data/TWiki/TopicCryptPlugin.txt	Plugin topic
  lib/TWiki/Plugins/TopicCryptPlugin.pm	Plugin Perl module

• Create your asymetric key with openssl (currently only RSA key is supported):
  openssl genrsa -out /var/lib/twiki/cryptkey.priv 2048
• Be sure to set the variable $TopicCryptPlugin::PRIVKEY_FILE with the appropiate location of the private key file (if you change it). The default is: $PRIVKEY_FILE="/var/lib/twiki/cryptkey.priv"
• Install the following CPAN modules:
  • Mime::Base64
  • Crypt::CBC
  • Crypt::Rijndael_PP
  • Crypt::RC4
  • Crypt::OpenSSL::RSA

Plugin Info

Plugin Author:	XavierRedon?, TWiki:Main.AlexIancu
Copyright:	© 2006, TWiki:Main.AlexIancu
License:	GPL (GNU General Public License)
Plugin Version:	14 May 2006 (V1.000)
Change History:
14 May 2006:	Initial version
TWiki Dependency:	$TWiki::Plugins::VERSION 1.1
CPAN Dependencies:	Mime::Base64, Crypt::CPC, Crypt::Rijndael_PP, Crypt::RC4, Crypt::OpenSSL::RSA
Other Dependencies:	none
Perl Version:	5.005
Benchmarks:	GoodStyle 99%, FormattedSearch 98%, TopicCryptPlugin nn%
Plugin Home:	http://TWiki.org/cgi-bin/view/Plugins/TopicCryptPlugin
Feedback:	http://TWiki.org/cgi-bin/view/Plugins/TopicCryptPluginDev
Appraisal:	http://TWiki.org/cgi-bin/view/Plugins/TopicCryptPluginAppraisal

Related Topics: TWikiPlugins, DeveloperDocumentationCategory, AdminDocumentationCategory, TWikiPreferences

-- TWiki:Main.AlexIancu - 14 May 2006