Implementation of backup_final_element that provides symmetric-key AES-256 encryption of contents. More...

Inheritance diagram for encrypted_final_element:

Public Member Functions
	__construct ($name, $attributes=null)
	Constructor - instantiates a encrypted_final_element, specifying its basic info. More...

	add_attributes ($attributes)

	annotate ($backupid)
	This function implements the annotation of the current value associating it with $itemname.

	clean_value ()

	clean_values ()

	destroy ()
	Destroy all circular references. More...

	get_attribute ($name)

	get_attributes ()
	Public API starts here.

	get_level ()

	get_name ()
	Public API starts here.

	get_parent ()

	get_value ()

	is_set ()

	process ($processor)
	This function will call to the corresponding processor method in other to make them perform the desired tasks.

	set_annotation_item ($itemname)
	This function sets the $itemname to be used when annotating.

	set_value ($value)
	Set the value of the field. More...

	to_string ($showvalue=false)

Protected Member Functions
	find_element_by_path ($path)

	find_first_parent_by_name ($name)

	get_grandoptigroupelement_or_grandparent ()

	get_grandparent ()

	get_new_attribute ($name)
	Returns one instace of the @base_attribute class to work with when attributes are added simply by name.

	set_key ($key)
	Set the encryption key manually, overriding default backup_encryptkey config. More...

	set_parent ($element)

	validate_name ($name)

Static Protected Member Functions
static	generate_encryption_random_key ($bytes)
	Generate an appropiate random key to be used for encrypting backup information. More...

Protected Attributes
	$annotationitem

string	$key = null
	cypher appropiate raw key for backups in the site. More...

Detailed Description

Implementation of backup_final_element that provides symmetric-key AES-256 encryption of contents.

This final element transparently encrypts, for secure storage and transport, any content that shouldn't be shown normally in plain text. Usually, passwords or keys that cannot use hashing algorithms, although potentially can encrypt any content. All information is encoded using base64.

Features:

requires openssl extension to work. Without it contents are completely omitted.
automatically creates an appropriate default key for the site and stores it into backup_encryptkey config (bas64 encoded).
uses a different appropriate init vector for every operation, which is transmited with the encrypted contents.
all generated data is base64 encoded for safe transmission.
automatically adds "encrypted" attribute for easier detection.
implements HMAC for providing integrity.

Copyright: 2017 onwards Eloy Lafuente (stronk7) http://stronk7.com

License: http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later

Constructor & Destructor Documentation

◆ __construct()

encrypted_final_element::__construct	(	$name,
		$attributes = `null`
	)

Constructor - instantiates a encrypted_final_element, specifying its basic info.

Overridden to automatically add the 'encrypted' attribute if missing.

Parameters

string	$name	name of the element
array	$attributes	attributes this element will handle (optional, defaults to null)

Reimplemented from base_final_element.

Member Function Documentation

◆ destroy()

base_final_element::destroy ( )

inherited

Destroy all circular references.

It helps PHP 5.2 a lot!

Reimplemented in base_nested_element.

◆ generate_encryption_random_key()

static encrypted_final_element::generate_encryption_random_key ( $bytes )

staticprotected

Generate an appropiate random key to be used for encrypting backup information.

Normally used as site default encryption key (backup_encryptkey config) and also for calculating the init vectors.

Note that until PHP 5.6.12 openssl_random_pseudo_bytes() did NOT use a "cryptographically strong algorithm" https://bugs.php.net/bug.php?id=70014 But it's beyond my crypto-knowledge when it's worth finding a real better alternative.

Parameters

int $bytes Number of bytes to determine the key length expected.

◆ set_key()

encrypted_final_element::set_key ( $key )

protected

Set the encryption key manually, overriding default backup_encryptkey config.

Parameters

string $key key to be used for encrypting. Required to be 256-bit key. Use a safe generation technique. See self::generate_encryption_random_key() below.

◆ set_value()

encrypted_final_element::set_value ( $value )

Set the value of the field.

This method sets the value of the element, encrypted using the specified key for it, defaulting to (and generating) backup_encryptkey config. HMAC is used for integrity.

Parameters

string $value plain-text content the will be stored encrypted and encoded.

Reimplemented from base_atom.

Member Data Documentation

◆ $key

string encrypted_final_element::$key = null

protected

cypher appropiate raw key for backups in the site.

Defaults to backup_encryptkey config.

The documentation for this class was generated from the following file:

backup/moodle2/backup_custom_fields.php

Public Member Functions

Protected Member Functions

Static Protected Member Functions

Protected Attributes

Detailed Description

Constructor & Destructor Documentation

◆ __construct()

Member Function Documentation

◆ destroy()

◆ generate_encryption_random_key()

◆ set_key()

◆ set_value()

Member Data Documentation

◆ $key