mogilvie / EncryptBundle

Encryption bundle
89 stars 29 forks source link

`is_disabled` and `encrypt_key` empty #15

Closed Volmarg closed 3 years ago

Volmarg commented 3 years ago

Hello,

No idea if that's a bug or planned.

I'm creating spec_sharper_encrypt.yaml. Then I set the content:

```yaml
spec_shaper_encrypt:
  is_disabled: true
```

Yet this is not suppressing the `Needs a 256-bit key, '0'bit given!` error when I have `encrypt_key: ""` (that's empty on purpose).

mogilvie commented 3 years ago

Hi Volmarg, setting `is_disabled` to true will disable the bundle from persisting a field as an encrypted value to the DB. However, the bundle configuration still needs an encryption key in order to decrypt any existing DB data that had already been encrypted and contains the `<ENC>` suffix. I have modified the OpenSSLEncryptor to catch an empty `encrypt_key` earlier. But the key is still required when a field in the DB contains the `<ENC>` suffix.
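The behaviour described in the comment above, as an added standalone sketch that is not part of the thread and not the bundle's own OpenSSLEncryptor. The class name, the AES-256-GCM cipher, the base64 key format, and the point at which the key is validated are all assumptions of this example; only the `<ENC>` suffix and the `is_disabled` / `encrypt_key` settings come from the thread.

```php
<?php
// Added sketch, not the bundle's code. Class name, AES-256-GCM and the base64 key
// format are assumptions. Requires PHP 8 with ext-openssl.
final class SketchEncryptor
{
    private const SUFFIX = '<ENC>';
    private const CIPHER = 'aes-256-gcm';

    public function __construct(private string $base64Key, private bool $isDisabled) {}

    // Checked only when a value really needs the key (a choice of this sketch).
    private function key(): string
    {
        $key = base64_decode($this->base64Key, true);
        if ($key === false || strlen($key) !== 32) {
            throw new RuntimeException('encrypt_key must decode to 32 bytes (256 bits)');
        }
        return $key;
    }

    public function encrypt(string $plain): string
    {
        if ($this->isDisabled) {
            return $plain; // disabled: store plaintext, key never touched
        }
        $iv = random_bytes(12);
        $ct = openssl_encrypt($plain, self::CIPHER, $this->key(), OPENSSL_RAW_DATA, $iv, $tag);
        return base64_encode($iv . $tag . $ct) . self::SUFFIX;
    }

    public function decrypt(string $stored): string
    {
        if (!str_ends_with($stored, self::SUFFIX)) {
            return $stored; // never encrypted: no key needed
        }
        $raw = (string) base64_decode(substr($stored, 0, -strlen(self::SUFFIX)), true);
        $plain = strlen($raw) < 28 ? false : openssl_decrypt(substr($raw, 28), self::CIPHER,
            $this->key(), OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
        if ($plain === false) {
            throw new RuntimeException('Cannot decrypt: malformed value or wrong key');
        }
        return $plain;
    }
}
// Constructed demo values.
$key = base64_encode(random_bytes(32));
$row = (new SketchEncryptor($key, false))->encrypt('constructed secret');
$off = new SketchEncryptor('', true);                      // is_disabled + empty key
echo $off->encrypt('new value'), PHP_EOL;                  // written as plaintext
try { $off->decrypt($row); } catch (RuntimeException $e) { echo $e->getMessage(), PHP_EOL; }
echo (new SketchEncryptor($key, true))->decrypt($row), PHP_EOL;
```

With the flag set and an empty key, new writes and plaintext reads succeed, while the first row carrying the `<ENC>` suffix fails until a valid key is supplied.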

Volmarg commented 3 years ago

Hey,

Thanks, I will check on the weekend how it behaves now.

Volmarg commented 3 years ago

Ok so, that's not helping in my case as I would probably need to end with some kind of Doctrine event to catch your exception. But anyway, I've just noticed that this key also works fine:

Even if it looks bad, it's a fine working workaround to mute the exception, since the encryption key will be provided upon login anyway.

Still thx.

mogilvie commented 3 years ago

So you're generating a unique encryption key for each logged-in user instead of a system-wide key? Then persisting that key with the user credentials. That is a bit outside the use case I envisaged for the bundle. Have you considered creating your own subscriber and checking the authenticated user for their encryption key at that point?