Data encryption: Difference between revisions
From LimeSurvey Manual
Dominikvitt (talk | contribs) No edit summary |
Dominikvitt (talk | contribs) No edit summary |
||
Line 12: | Line 12: | ||
LimeSurvey use Sodium Compat library to bridge with different PHP versions. | LimeSurvey use Sodium Compat library to bridge with different PHP versions. | ||
This library | This library tentatively supports PHP 5.2.4 - 7.x (latest), but officially only supports [http://https://secure.php.net/supported-versions.php non-EOL'd versions of PHP]. | ||
Data encryption/decryption methods used in LimeSurvey are based on [https://libsodium.gitbook.io/doc/public-key_cryptography/public-key_signatures public-key signatures]. Combined key-pair, public key and secret key are contained in /application/config/security.php file. | Data encryption/decryption methods used in LimeSurvey are based on [https://libsodium.gitbook.io/doc/public-key_cryptography/public-key_signatures public-key signatures]. Combined key-pair, public key and secret key are contained in /application/config/security.php file. Keys are automatically generated on first usage of encryption feature. | ||
There are three places in LimeSurvey where data encryption is implemented: | |||
*[[Question/responses]] | |||
*[[Participants]] | |||
*[[Central participant database]] |
Revision as of 15:21, 10 April 2019
Sodium library is used to provide data encryption and decryption functionality for LimeSurvey.
Sodium is a modern, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further. Its goal is to provide all of the core operations needed to build higher-level cryptographic tools.
Sodium is cross-platforms and cross-languages. It runs on a variety of compilers and operating systems, including Windows (with MinGW or Visual Studio, x86 and x86_64), iOS and Android. Javascript and WebAssembly versions are also available and are fully supported. Bindings for all common programming languages are available and well-supported.
Version 7.2.0 and newer of the PHP programming language includes the Sodium extension (referred to as ext/sodium) as a core cryptography library. Version 2 of the PHP extension in PECL is compatible with ext/sodium in PHP 7.2.
LimeSurvey use Sodium Compat library to bridge with different PHP versions.
This library tentatively supports PHP 5.2.4 - 7.x (latest), but officially only supports non-EOL'd versions of PHP.
Data encryption/decryption methods used in LimeSurvey are based on public-key signatures. Combined key-pair, public key and secret key are contained in /application/config/security.php file. Keys are automatically generated on first usage of encryption feature.
There are three places in LimeSurvey where data encryption is implemented: