mogilvie / EncryptBundle

Encryption bundle

Setting encryptor and encryptKey dynamically via event #16

Closed Volmarg closed 3 years ago

Volmarg commented 3 years ago

Hello,

Regarding the: https://github.com/mogilvie/EncryptBundle/issues/15

So I generally struggled for quite a while with assigning container parameters dynamically, but there is no simple way to go with this; I would need to really make some ugly stuff, which I want to avoid, so I've got another solution, which I've briefly tested and which works.

Let me know if you would be interested in having this in your project, and if so then I will provide an MR in some free time.

Solution: Adding new Event BeforeCreateEncryptionServiceListener [screenshot]

If you don't want this at all then please close the issue and I will just add this to my project via a composer patcher package.

Oh yeah, there is a bug on the screenshot, but anyway I've just tested it briefly so it doesn't matter atm.

mogilvie commented 3 years ago

Hi Volmarg, If I'm understanding your use case you want to generate a unique persisted encryption key for each authenticated user at login. Then use that key for all user related encrypt and decrypt processes.

I think this could be achieved within the current bundle framework by creating a custom subscriber. The current bundle config allows you to override the default bundle subscriber and use your own.

Would that suit your purposes?

Volmarg commented 3 years ago

Close enough. That's my real use case:

I need to encrypt data in Project A, then send it to Project B, where the only way to get inside will be standard user authentication (login/password) and that encryption key to see the real data.

That's why I need to force the project to work without providing a key in services.yaml, and thus I've hardcoded something like 0000... just to mute the exception.

Later on, when I log in, I save the key to a file and read it from there to decrypt the database; after logout or x minutes of inactivity, cron removes the file from the server, in case of a breach.

I will take a look if this will work with Subscriber overriding.

Volmarg commented 3 years ago

Your solution is not going to work. I mean, if I'm stubborn then yeah, I write dirty code and make it work, but I prefer not to do so. The problems are:

mogilvie commented 3 years ago

Hi Volmarg,

I've added a dispatcher, and the EncryptKeyEvent::LOAD_KEY. Also made the secretKey protected, and added a public setter method if you want to do it that way.

Let me know how you get on in master before I tag.

Volmarg commented 3 years ago

Thx, will check that out most likely at the beginning of next week, or this week if I find a moment - I'm rather out of time now.

mogilvie commented 3 years ago

Did this enhancement work for you Volmarg? I'll close the issue shortly.

dwlodarczyk13 commented 3 years ago

Hey, Volmarg here - writing from a temporary account (as I'm only logged in on Linux, sitting on Windows, not switching to Linux for a while - on holidays as well).

I tested it only a bit a week ago, and it didn't fully work - there were some issues with missing use statements in a few places. I can't tell where and so on as I don't have access to the code now, dunno when I will have it - maybe today at night or next week.

Volmarg commented 3 years ago

So, in OpenSslEncryptor you are missing:

use Symfony\Component\EventDispatcher\EventDispatcherInterface;
use SpecShaper\EncryptBundle\Event\EncryptKeyEvent;
use SpecShaper\EncryptBundle\Event\EncryptKeyEvents;

Besides, just saying, but now you've got 2 pretty much identical classes, EncryptKeyEvent and EncryptKeyEvents, which in terms of naming are hard to distinguish from one another.

With the fixes provided above (missing use statements) it works as intended.

mogilvie commented 3 years ago

Cheers Volmarg.
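
Added example, not part of the thread or the bundle's code: a sketch of the runtime key loading discussed above, where a listener supplies the key from a per-session file and fails closed once the file has been removed. `LoadKeyEvent`, `readSessionKey`, `onLoadKey` and the base64-encoded 256-bit key format are assumptions; the stand-in event class only mimics a setter-style event like the one mogilvie describes.

```php
<?php
declare(strict_types=1);
// Stand-in for the bundle's key-loading event (hypothetical class, not the bundle's own).
final class LoadKeyEvent
{
    private ?string $key = null;
    public function setKey(string $key): void { $this->key = $key; }
    public function getKey(): ?string { return $this->key; }
}
// Reads the per-session key file and fails closed on anything unexpected.
function readSessionKey(string $path): string
{
    clearstatcache(true, $path);
    if (is_link($path) || !is_file($path)) {
        throw new RuntimeException('No session key file: user must log in again.');
    }
    if ((fileperms($path) & 0077) !== 0) {
        throw new RuntimeException('Key file is accessible by group/other.');
    }
    $encoded = trim((string) file_get_contents($path));
    if (preg_match('/^0+$/', $encoded) === 1) {
        throw new RuntimeException('Placeholder key must never protect real data.');
    }
    $raw = base64_decode($encoded, true);
    if ($raw === false || strlen($raw) !== 32) { // assumption: base64 of 32 random bytes
        throw new RuntimeException('Key is not a base64-encoded 256-bit value.');
    }
    return $encoded;
}

// Listener body: supply the key at runtime instead of from services.yaml.
function onLoadKey(LoadKeyEvent $event, string $keyFile): void
{
    $event->setKey(readSessionKey($keyFile));
}

// Constructed demo: a temporary key file holding a random key.
$keyFile = tempnam(sys_get_temp_dir(), 'enckey');
chmod($keyFile, 0600);
file_put_contents($keyFile, base64_encode(random_bytes(32)));
$event = new LoadKeyEvent();
onLoadKey($event, $keyFile);
echo 'key loaded: ', $event->getKey() !== null ? 'yes' : 'no', PHP_EOL;
unlink($keyFile); // stands in for the logout/cron cleanup described in the thread
try {
    onLoadKey(new LoadKeyEvent(), $keyFile);
} catch (RuntimeException $e) {
    echo 'after cleanup: ', $e->getMessage(), PHP_EOL;
}
```

The permission check assumes a POSIX filesystem; the all-zero check keeps a placeholder like the `0000...` value mentioned in the thread from ever being accepted as a working key.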