After being instructed by Slurpee I created a request to add my blog to Planet Drupal. Prior to that I made sure that my blog feed works fine and shows posts with tag drupal-planet. My blog got accepted so: Hello Planet Drupal!
Continuing to work on custom REST resource
I followed this page on Drupal answers that helped me to get all of users with given permission type. I have implemented few basic usage scenarios:
retrieve particular user’s private or public key
retrieve public or private keys for all users
retrieve currently logged in user’s public and private keys
Sandbox development page
That was a good exercise of changing requirements and design choices after the design and planning phase - I have learned my lesson!
By using a whitelist I will be able to control on which pages the script gets loaded. I also reworked the libraries file so it only loads modules / files of the SJCL library that the user wants.
Encrypt Content Client Wrapper
ECC keys generation
I created a function for generating ECC key pairs, there are few output options and I may leave it up to sites’ admins to select their format (hex, string, base64). For now keys are generated as objects and passed to encrypt and decrypt functions on my sandbox page.
Encryption and decryption using ECC
I followed this example page on Github in order to implement asymmetric encryption on my sandbox page. Bo encrypt and decrypt functions take either public or secret keys’ objects.
Creating a data-key
Data-key is based on file-key from owncloud’s public-key encryption design. I created a function that creates a hash (sha256/sha512 - up for site’s admin to choose). The setting will be passed to drupalSettings.
Then I included it “everywhere” so my form submit call is attached to every form in Drupal, blocking them from being send because of preventDefault() function, I decided to create a whitelist of form IDs that my library should only attach to.
Objectives for week 3
- add changes to my design and documentation
- expand key generation to involve different methods and key sizes, allow user to generate and download a key file
- make ECC encryption more robust with more options to choose from
- call REST resource to retrieve all users' keys