GSoC Week 2: encrypt_content_client - REST resource and SJCL library

Planet Drupal

After being instructed by Slurpee, I created a request to add my blog to Planet Drupal. Prior to that I made sure that my blog feed works fine and shows posts with the tag drupal-planet. My blog got accepted, so: Hello Planet Drupal!

Continuing to work on custom REST resource

I followed this page on Drupal Answers that helped me to get all users with a given permission type. I have implemented a few basic usage scenarios:

  • retrieve particular user’s private or public key

  • retrieve public or private keys for all users

  • retrieve currently logged in user’s public and private keys

I just wanted to take different use cases into account so that I have more to work with when I write AJAX calls from the JavaScript wrapper I am working on right now.

Sandbox development page

I decided that it would be a good idea to create a development page for testing my JavaScript code. I created a new route and a form with a few fields.

Encrypt Sandbox Page

Architectural changes

As I began working on the library wrapper I realized that I had to rethink using OpenPGPjs. It is a Node.js module and I could not use it from client-side JS without additional libraries that would just make my module’s structure messy. I decided to talk to my mentor and let him know about it, and after some research I chose to use the Stanford JavaScript Crypto Library (SJCL) instead.

That was a good exercise in changing requirements and design choices after the design and planning phase - I have learned my lesson!

JavaScript library wrapper

The core part of my module is the JavaScript encryption library - my job is to create a wrapper that will use functions from the mentioned library. Prior to development I looked at the JavaScript coding standards for Drupal.

Update library

The first thing I did was to attach the defined JavaScript libraries to a page. There are many ways to do so, but for now I went with attaching them to every page of the module, so I have implemented hook_page_attachments().

By using a whitelist I will be able to control on which pages the script gets loaded. I also reworked the libraries file so it only loads the modules / files of the SJCL library that the user wants.

DrupalSettings

I also attached settings variables in the .module file so I could pass Drupal’s PHP variables to be accessible from my JavaScript library. I will also use it in the future to pass additional user preferences such as encryption key format, security settings, key storage options, etc.

Module attach js

Encrypt Content Client Wrapper

  • ECC keys generation

I created a function for generating ECC key pairs. There are a few output options and I may leave it up to site admins to select their format (hex, string, base64). For now keys are generated as objects and passed to the encrypt and decrypt functions on my sandbox page.

  • Encryption and decryption using ECC

I followed this example page on GitHub in order to implement asymmetric encryption on my sandbox page. Both encrypt and decrypt functions take either public or secret key objects.

  • Creating a data-key

The data-key is based on the file-key from ownCloud’s public-key encryption design. I created a function that creates a hash (sha256/sha512 - up to the site’s admin to choose). The setting will be passed to drupalSettings.
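How the three pieces listed above (per-user ECC key pairs, public-key encryption and a data key) can fit together, as an added example that is not the module's code. It assumes the data key plays the role of ownCloud's file key (one random key encrypts the content and is then wrapped for each user's public key), and it uses Node's built-in crypto module (ECDH on P-256, HKDF, AES-256-GCM) in place of SJCL so that it runs stand-alone; all function names are hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

// One P-256 key pair per user (the role of the key-generation function above).
function generateUserKeys() {
  return nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
}

// AES-256-GCM with a fresh random 12-byte IV per message.
function aesEncrypt(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function aesDecrypt(key, { iv, ct, tag }) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]); // throws on wrong key or tampering
}

// Turn an ECDH shared secret into a 32-byte key used only to wrap the data key.
function wrapKeyFrom(privateKey, publicKey) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey });
  const okm = nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'data-key-wrap', 32);
  return Buffer.from(okm);
}

// Encrypt the content once, then wrap the data key for each recipient's public key.
function encryptForUsers(plaintext, recipients) {
  const dataKey = nodeCrypto.randomBytes(32);
  const envelopes = {};
  for (const [uid, publicKey] of Object.entries(recipients)) {
    const eph = generateUserKeys(); // fresh ephemeral pair per recipient
    envelopes[uid] = {
      ephemeralPublic: eph.publicKey.export({ type: 'spki', format: 'der' }),
      wrapped: aesEncrypt(wrapKeyFrom(eph.privateKey, publicKey), dataKey),
    };
  }
  return { content: aesEncrypt(dataKey, Buffer.from(plaintext, 'utf8')), envelopes };
}

// A recipient unwraps the data key with their private key, then decrypts the content.
function decryptAsUser(message, uid, privateKey) {
  const env = message.envelopes[uid];
  const ephPub = nodeCrypto.createPublicKey({ key: env.ephemeralPublic, format: 'der', type: 'spki' });
  const dataKey = aesDecrypt(wrapKeyFrom(privateKey, ephPub), env.wrapped);
  return aesDecrypt(dataKey, message.content).toString('utf8');
}
```

The server only ever needs to store `content` and `envelopes`; adding a reader later means wrapping the same data key for one more public key, not re-encrypting the content.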

Interesting issues

  • attaching JavaScript library to my module

I have been struggling with attaching JavaScript to my module, but the issue was that I changed my module’s name and forgot to update the module’s name in the .libraries.yml file.

Then I included it “everywhere”, so my form submit call was attached to every form in Drupal, blocking them from being sent because of the preventDefault() function. I decided to create a whitelist of form IDs that my library should only attach to.

Objectives for week 3

  • add changes to my design and documentation
  • expand key generation to involve different methods and key sizes, allow user to generate and download a key file
  • make ECC encryption more robust with more options to choose from
  • call REST resource to retrieve all users' keys