search

madmatt / silverstripe-encrypt-at-rest

Encrypt data at rest in your database
7 stars 11 forks source link

Support file decryption with hash file strategy #22

Closed adrhumphreys closed 2 years ago

adrhumphreys commented 2 years ago

The problem we run into is the assumption that $file->getFilename() will return the actual path for the file name. This means that when we search $currentPath for the filename with .enc at the end to replace it, we will not find it. This then means $decryptedFilename is the same as $currentPath (which means we don't decrypt the file)

A more concrete example of the variable state after running the code that sets them:

$currentPath = $this->getFullPath($file, $visibility);
// Value: '/var/www/mysite/www/public/assets/.protected/Form-submissions/example111/9af2bbb34a/bingo-v11.jpeg.enc'
$filename = str_replace('.enc', '', $file->getFilename());
// Value: 'Form-submissions/example111/bingo-v11.jpeg'
$decryptedFilename = str_replace($file->getFilename(), $filename, $currentPath);
// Value: '/var/www/mysite/www/public/assets/.protected/Form-submissions/example111/9af2bbb34a/bingo-v11.jpeg.enc'

This is because we're searching for a version of the file without the hash