====== Encrypted Passwords Plugin ====== ---- plugin ---- description: This plugin lets you store 256 bit AES encrypted passwords in your DokuWiki pages. The password can be decrypted by clicking them. author : Andreas Gohr email : dokuwiki@cosmocode.de type : syntax, action lastupdate : 2023-12-20 compatible : Hogfather, Igor depends : conflicts : dokucrypt similar : tags : convert, encryption, password downloadurl: https://github.com/cosmocode/dokuwiki-plugin-encryptedpasswords/archive/master.zip bugtracker : https://github.com/cosmocode/dokuwiki-plugin-encryptedpasswords/issues sourcerepo : https://github.com/cosmocode/dokuwiki-plugin-encryptedpasswords ---- This plugin is useful if you want to store passwords, API Keys or other secrets directly within your page. The passwords are stored encrypted in the wiki source files, so nobody is able to find out the passwords through the file system. The encryption uses 256 bit AES-CBC symmetric encryption with the encryption key and IV derived from the given password using PKDF2 with SHA-256 using 10000 iterations. This is not the most secure mechanism available, but was chosen for it's compatibility with OpenSSL's ''enc'' mechanism (see below). This ensures your secrets can be decrypted without having to rely on the availability of this plugin. All encryption and decryption is handled client side using JavaScript. This plugin was originally written by [[reszel@werbeagentur-willers.de|Wolfgang Reszel]] but has been rewritten for updated cryptography and use of modern browser APIs. The plugin is compatible with older releases of the plugin which used a MD5 based key derision function. Old style passwords will be decrypted using MD5 but any new encryption will use the new SHA-256 PKDF2 method. ===== Download and Installation ===== Search and install the plugin using the [[plugin:extension|Extension Manager]]. Refer to [[:Plugins]] on how to install plugins manually. Please note that the modern encryption mechanisms used within this Plugin require a modern Browser, JavaScript enabled and a wiki served via HTTPS! ==== Changes ==== {{rss>https://github.com/cosmocode/dokuwiki-plugin-encryptedpasswords/commits/master.atom date 5}} ===== Syntax and Usage ===== Passwords are encrypted and decrypted with a passphrase. Use the same passphrase on one page, as decryption affects all passwords on a page. ==== Editing ==== Passwords are entered in the editor using the '''' syntax. A "key" toolbar button {{https://github.com/cosmocode/dokuwiki-plugin-encryptedpasswords/raw/master/encrypt.png}} will wrap any selected text into that tag. When you save or preview any text in the editor that contains the '''' syntax you will be asked for the passphrase and your tags will be converted into encrypted '''' tags. To decrypt passwords in the editor (eg. to change them) use the "unlock" toolbar button {{https://github.com/cosmocode/dokuwiki-plugin-encryptedpasswords/raw/master/password.png}}. ==== Viewing ==== When a page contains one or more encrypted passwords, they can be decrypted clicking the lock icon behind them. Clicking the lock icon will decrypt and show all passwords in the page. Clicking a encrypted or decrypted password will automatically copy the clear text password into your clipboard. ===== Configuration and Settings ===== The plugin can be configured with the configuration manager in the admin menu. ^''reload_seconds'' | Automatically hides decrypted passwords again after the configured time in seconds.\\ Set 0 to disable.\\ (default value = 120) | ===== OpenSSL compatibility ===== This plugin stores secrets the same way the ''openssl enc'' does. If for any reason in the future the decrypt should stop working (for example, JavaScript issues), you can still decrypt your secrets using openssl. Passwords encrypted with the current version of the plugin can be decrypted like this: $> echo 'U2FsdGVkX18jbxDF9yk0oXYw6lOgmFvGwcSznfhTZ5U=' | openssl base64 -d |openssl aes-256-cbc -d -pbkdf2 enter aes-256-cbc decryption password: test hello world Passwords encrypted using older versions of this plugin can be decrypted like this: $> echo 'U2FsdGVkX1/oynrOig+RoUwMNCHvJH2bcmQeAq2xaLI=' | openssl base64 -d |openssl aes-256-cbc -d -md md5 enter aes-256-cbc decryption password: test *** WARNING : deprecated key derivation used. Using -iter or -pbkdf2 would be better. hello world