How can I encrypt user-submitted content per user for a content type?

Patrick Kenny

8/6/23, 4:03 PM

Let's say I have a website where people keep a personal diary (diary content type). I have configured permissions so that each user can only read, write, and view his/her own diary.

Users can create and submit several different content types on the site; only the diary content type needs to be private.

I would like to encrypt diaries per user, ideally by tying the encryption to the user's name and password.

I surveyed the encryption modules available for Drupal, and here are the only ones with 300+ installs:

Encrypt: makes use of Real AES module and the Key module
Encryption: simpler to configure than Encrypt, single module
Dbee, which encrypts just the email addresses in the database--nifty

In addition, there is the Pubkey Encrypt module, which is an abandoned Drupal 8 module that allows encryption of data per user role.

So, to get encryption per user, I guess I would have to write this myself.

How can I encrypt content per user for a specific content type?

If this is really hard to do, I would also like to hear an answer that simply explains why this problem is harder than I think it is.

0 + 0

users

security

Stef Van Looveren

8/6/23, 4:58 PM

There is actually a talk on this topic on the Drupal developer days: https://drupalcamp.be/en/drupal-dev-days-2022/session/protected-content-asymmetrical-client-side-encryption (livestream should be available in a few days)

Score:2

Drupal

Lambic

8/6/23, 4:39 PM

The problem here isn't the encryption itself, it's easy enough to symmetrically encrypt some data before saving it to the database, it's the decryption.

In order to decrypt the data you need the key, which means you need to keep the user's password somewhere in plain text, or ask them for their password every time they want to see their "diary". Or you could decrypt it on login and leave it decrypted for the session somehow.

The other issue here is that it's not true end to end encryption. At some point in the process you will know the user's key unless you do the encryption on their computer.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How can I encrypt user-submitted content per user for a content type?

TH: ฉันจะเข้ารหัสเนื้อหาที่ผู้ใช้ส่งต่อผู้ใช้สำหรับประเภทเนื้อหาได้อย่างไร

RO: Cum pot cripta conținutul trimis de utilizator per utilizator pentru un tip de conținut?

RU: Как я могу зашифровать отправленный пользователем контент для каждого пользователя для определенного типа контента?

VI: Làm cách nào tôi có thể mã hóa nội dung do người dùng gửi cho mỗi người dùng cho một loại nội dung?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.