Question

Hello, I am looking for a solution to encrypt a twiki page, i try through openssl, but it is not that obvious, is there a known solution ? i find a java plugins but it was not finished.

it will be great to create a encrypted twiki page that will ask a password to be able to read through Twiki (and not possible to read on the OS level)

Thanks for your help Chris

Environment

-- ChrisKloker - 30 Mar 2005

Answer

SSL is for encrypting the data link between the browser and the server.

I'm unclear from your wording whether you want to encrypt the page on the storage, which will mean that the rendering pipeline will see it as gibberish, or password protect the page.

-- AntonAylward - 31 Mar 2005

Long ago MartinCleaver mentioned an EncryptedPagesPlugin done by RichardEllery which should be in CVS.

-- FranzJosefSilli - 31 Mar 2005

I find a workaroud, using a MS Word crypted doc attach in twiki, but could not modify it.

when i was mentionning openssl it was the command that i was using, with that i could encrypt and decrypt a file, what i wanted to do is to put this inside the rendering of Twiki so that for example if the file is not .txt but .cryp it will prompt for a password and then use openssl to decrypte...

the command:

openssl enc -in ./toto -out toto.crp -pass stdin -e -des
openssl enc -in ./toto.crp -out ./tutu -pass stdin -d -des

for a Twiki Master should be possible

-- ChrisKloker - 31 Mar 2005

I very strongly suggest you forget about using "opnssl". RTFM: SSL is a Transport Layer tool intended for networking. Your problems arrise, for the most part, from it simply being used inappropriately.

It intended as a pipeline to be placed in front of a network service. You could use it, for example, to make IMAP into IMAP-S or HTTP into HTTP-S.

TWiki reads files, not pipelines. This isnt to say that Store.pm couldn't be re-written to deal with other storage "plugins". I have sketched out a possible future form where each web could be stored on a dfferent media, with different versioning -- files, ftp, http, and rcs, svn or just backup files. This is sketched out, along with other ideas, in DataAndCodeSeparation.

Let me ask again: can you please differentiate between what you are tryoing to do and what you are trying to acheive. Encryption is a means to an end, not an end in itself.

• Do you want to password protect pages?
  If so, TWiki has its own mechanisms for this. You can also combine te basic access control with redirection, the %INCLUDE of protected pages and many other 'tricks'.
• Do you want to hide the data on the disk from other users of the system?
  If so, then you may want to make use of a loopback mechanism to mount all or part of /data/ See the manual page on losetup Once again, you can use tricks like having a 'hidden' web that is the encrypted loopback and redirecting to that, combining with access control and so forth.

But please, stop doing the equivilent os using a screwdriver to hammer in a nail. openssl was not inteded to be used like this!

-- AntonAylward - 02 Apr 2005

There is nothing existing that does what you want, AFAIK. Personally I would use an encrypted disc (supported by most operating systems) and an SSL server, and use the existing TWiki mechanisms to password protect data.

-- CrawfordCurrie - 03 Apr 2005

thanks for your answer, ok i will not use openssl, I was just looking for a solution to encrypt a page made by twiki, this is a page where we store all our password, so should be easy to access/modify but not readable at os level. what I did is to create a MS word document encrypted and link it into twiki.

-- ChrisKloker - 07 Apr 2005