This plugin is useful if you want to store passwords, API Keys or other secrets directly within your page. The passwords are stored encrypted in the wiki source files, so nobody is able to find out the passwords through the file system.

The encryption uses 256 bit AES-CBC symmetric encryption with the encryption key and IV derived from the given password using PKDF2 with SHA-256 using 10000 iterations. This is not the most secure mechanism available, but was chosen for it's compatibility with OpenSSL's enc mechanism (see below). This ensures your secrets can be decrypted without having to rely on the availability of this plugin.

All encryption and decryption is handled client side using JavaScript.

This plugin was originally written by Wolfgang Reszel but has been rewritten for updated cryptography and use of modern browser APIs.

The plugin is compatible with older releases of the plugin which used a MD5 based key derision function. Old style passwords will be decrypted using MD5 but any new encryption will use the new SHA-256 PKDF2 method.

Search and install the plugin using the Extension Manager. Refer to Plugins on how to install plugins manually.

Please note that the modern encryption mechanisms used within this Plugin require a modern Browser, JavaScript enabled and a wiki served via HTTPS!

• Version upped (2023-12-20 23:50)
• minor cleanup (2023-12-20 15:12)
• log clipboard error to console (2023-12-20 15:02)
• Version upped (2023-12-13 23:50)
• Merge pull request #16 from schplurtz/French (2023-12-13 13:56)

Passwords are encrypted and decrypted with a passphrase. Use the same passphrase on one page, as decryption affects all passwords on a page.

Passwords are entered in the editor using the <encrypt> syntax. A “key” toolbar button will wrap any selected text into that tag.

When you save or preview any text in the editor that contains the <encrypt> syntax you will be asked for the passphrase and your tags will be converted into encrypted <decrypt> tags.

To decrypt passwords in the editor (eg. to change them) use the “unlock” toolbar button .

When a page contains one or more encrypted passwords, they can be decrypted clicking the lock icon behind them. Clicking the lock icon will decrypt and show all passwords in the page.

Clicking a encrypted or decrypted password will automatically copy the clear text password into your clipboard.

The plugin can be configured with the configuration manager in the admin menu.

This plugin stores secrets the same way the openssl enc does. If for any reason in the future the decrypt should stop working (for example, JavaScript issues), you can still decrypt your secrets using openssl.

Passwords encrypted with the current version of the plugin can be decrypted like this:

$> echo 'U2FsdGVkX18jbxDF9yk0oXYw6lOgmFvGwcSznfhTZ5U=' | openssl base64 -d |openssl aes-256-cbc -d -pbkdf2
enter aes-256-cbc decryption password: test
hello world

Passwords encrypted using older versions of this plugin can be decrypted like this:

$> echo 'U2FsdGVkX1/oynrOig+RoUwMNCHvJH2bcmQeAq2xaLI=' | openssl base64 -d |openssl aes-256-cbc -d -md md5
enter aes-256-cbc decryption password: test
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
hello world