ushahidi / Ushahidi_Web

Ushahidi v2. A platform that allows information collection, visualization and interactive mapping, allowing anyone to submit information through text messaging using a mobile phone, email or web form.
http://www.ushahidi.com

Add support for encrypting report data #603

Open rjmackay opened 12 years ago

rjmackay commented 12 years ago

I'm not quite sure how this would work, but maybe you could generate a shared key on the server and use that to encrypt data before saving to the DB. The key would be stored on the server, but that passphrase would need to be known by the user before they could read the report data.

This would be most useful if you could decrypt/encrypt reports on a case-by-case basis, i.e. decrypt and publish public anonymized reports but encrypt other private reports.

rjmackay commented 12 years ago

@jetherton re: your comment on #602 "Could we build PGP into Ushahidi so that the reports themselves are stored encrypted and could then be decrypted client-side using JS?" I think decrypting in client-side JS could be a nightmare, whereas there are already existing gnupg functions for PHP server-side.
It would be easier to keep the key server-side, and the user just needs to know the passphrase. Then decrypt server-side and send the decrypted report over SSL. Do you think that makes sense? It does reduce security, since if someone steals the DB and private key from the server they just have to brute-force the passphrase.
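The server-side design sketched in this comment (a server-held data key, a passphrase only the user knows, decryption on the server, encryption decided per report), as an added example that is not part of the Ushahidi_Web code base. It uses PHP's sodium extension instead of the gnupg functions mentioned above; the function names, the key record layout and the report row shape are assumptions.

```php
<?php
// Added example, not Ushahidi code: a random data key is kept on the server wrapped
// under the user's passphrase, and only reports flagged private are encrypted with it.
const KEY_LEN   = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES;  // 32
const NONCE_LEN = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES; // 24

// Argon2id cost is what makes "steal the DB and brute-force the passphrase" expensive.
function kek_from_passphrase(string $passphrase, string $salt): string {
    return sodium_crypto_pwhash(KEY_LEN, $passphrase, $salt,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE);
}

// Run once at setup; only the returned record is stored, never the raw key or passphrase.
function wrap_new_data_key(string $passphrase): array {
    $dataKey = random_bytes(KEY_LEN);
    $salt    = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
    $nonce   = random_bytes(NONCE_LEN);
    $wrapped = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt(
        $dataKey, 'datakey-v1', $nonce, kek_from_passphrase($passphrase, $salt));
    sodium_memzero($dataKey);
    return ['salt' => $salt, 'nonce' => $nonce, 'wrapped' => $wrapped];
}

// Per request: passphrase arrives over SSL, key is unwrapped in memory; a wrong
// passphrase fails the AEAD tag check instead of yielding garbage.
function unwrap_data_key(array $rec, string $passphrase): string {
    $key = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt($rec['wrapped'],
        'datakey-v1', $rec['nonce'], kek_from_passphrase($passphrase, $rec['salt']));
    if ($key === false) { throw new RuntimeException('bad passphrase or tampered key record'); }
    return $key;
}

// Case by case: public reports are stored as-is. The report id is bound as associated
// data so an encrypted body cannot be moved to another row without detection.
function store_report(string $dataKey, int $id, string $body, bool $private): array {
    if (!$private) { return ['id' => $id, 'encrypted' => 0, 'body' => $body]; }
    $nonce = random_bytes(NONCE_LEN);
    $ct = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($body, "report:$id", $nonce, $dataKey);
    return ['id' => $id, 'encrypted' => 1, 'body' => base64_encode($nonce . $ct)];
}

function read_report(string $dataKey, array $row): string {
    if (!$row['encrypted']) { return $row['body']; }
    $raw = base64_decode($row['body'], true);
    $pt  = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(substr($raw, NONCE_LEN),
        "report:{$row['id']}", substr($raw, 0, NONCE_LEN), $dataKey);
    if ($pt === false) { throw new RuntimeException("report {$row['id']}: decryption failed"); }
    return $pt;
}

$rec = wrap_new_data_key('correct horse battery staple');    // at deployment setup
$key = unwrap_data_key($rec, 'correct horse battery staple'); // on each authenticated request
echo read_report($key, store_report($key, 42, 'private report text', true)), "\n";
```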

jetherton commented 12 years ago

@MacKay,

I know very little about PGP and encryption; you're probably right that decrypting client-side would be a nightmare. I'm not online right now, but when I get connected again, I'll at least Google around for 10 minutes to see what I find. Having the user send in the passcode via SSL, decrypting in PHP, and then sending the results back via SSL would be a whole lot better than the current setup. At the very least it gives the people running a Ushahidi deployment a little time to do damage control and whatnot.

Maybe we should add some wording in the installer about picking good DB passwords, only allowing connections from the web server, and whatnot.

At any rate this would be huge for Ushahidi and I'd love to help.


bodacea commented 10 years ago

I've added this to the V3 features wishlist at https://phabricator.ushahidi.com/T584; please feel free to continue working on this for V2.

timmwille commented 3 years ago

What is the status on this one? I would love to test some P2P security features :dancers: