Data encryption: Difference between revisions

  New LS4 feature

Sodium library is used to provide data encryption and decryption functionality for LimeSurvey.

Sodium is a modern, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further. Its goal is to provide all of the core operations needed to build higher-level cryptographic tools.

Sodium is cross-platforms and cross-languages. It runs on a variety of compilers and operating systems, including Windows (with MinGW or Visual Studio, x86 and x86_64), iOS and Android. Javascript and WebAssembly versions are also available and are fully supported. Bindings for all common programming languages are available and well-supported.

Version 7.2.0 and newer of the PHP programming language includes the Sodium extension (referred to as ext/sodium) as a core cryptography library. Version 2 of the PHP extension in PECL is compatible with ext/sodium in PHP 7.2.

LimeSurvey use Sodium Compat library to bridge with different PHP versions. This library tentatively supports PHP 5.2.4 - 7.x (latest), but officially only supports non-EOL'd versions of PHP.

Data encryption/decryption methods used in LimeSurvey are based on public-key signatures. Combined key-pair, public key and secret key are contained in /application/config/security.php file. Keys are automatically generated on first usage of encryption feature.

There are three places in LimeSurvey where data encryption is implemented:

• Question/responses
• Participants
• Central participant database