Talha Paracha - Drupal

GSoC'16 – Pubkey Encrypt – Week 12 Report

Tue, 16 Aug 2016 00:00:00 +0000

This week marks the completion of my Google Summer of Code 2016 project Pubkey Encrypt. So I’ve spent the past 3 months building this module for Drupal 8 in the supervision of mentors Adam Bergstein (@nerdstein) and Colan Schwartz (@colan). You can download Pubkey Encrypt from its official Drupal.org project page. Accordingly, the module provides a way of encrypting data with users’ login-credentials. It is based on ownCloud’s Data Encryption Model and is an attempt of providing an easy-to-use security module for website maintainers.

GSoC'16 – Pubkey Encrypt – Week 11 Report

Wed, 10 Aug 2016 00:00:00 +0000

As you might’ve already guessed, Pubkey Encrypt is a Google Summer of Code’2016 sponsored project. As a part of the GSoC program, I’ve spent the last 2.5 months building this module for Drupal 8. The journey so far has been amazing for me and now we’re approaching the end of the program. So I spent this week in finalizing the module. For those who don’t know, Pubkey Encrypt is a security-related module which provides a way for encrypting data with users’ login credentials. But the way the module is designed, it delegates the task of actual data encryption/decryption to some other module. Previously, we were using Encrypt Test for this purpose, which was just a test sub-module within the Encrypt module, and were waiting for Real AES module to get in a stable state. A few weeks ago, I posted a patch to fix the module but its maintainers haven’t responded yet, and its HEAD is still broken. Thus we decided to use the PHPSecLib Encryption module which in turn uses the external PHP Secure Communications Library and is hence expected to be pretty secure. The task seemed quite simple but the relevant changes simply broke all the tests for Pubkey Encrypt.

GSoC'16 – Pubkey Encrypt – Week 10 Report

Tue, 02 Aug 2016 00:00:00 +0000

I started this week’s work by finishing the integration of cookies into my module. To give you some context, Pubkey Encrypt now uses cookies for temporarily storing the Private key for any user upon login. Previously, we were using sessions for this purpose, but we’ve just shifted to this new approach because Pubkey Encrypt aims to protect a website’s Data-at-Rest in compromised servers. Since sessions get stored in the servers too, the module cannot rely on sessions for keeping any secret information.

GSoC'16 – Pubkey Encrypt – Week 9 Report

Tue, 26 Jul 2016 00:00:00 +0000

I started the week by testing Field Encrypt module with my project Pubkey Encrypt. So Pubkey Encrypt provides support for encrypting data with users login credentials by generating Encryption Profiles. And Field Encrypt provides support to encrypt field values using any specified Encryption Profile. In this way, both these modules are expected to work together in harmony. I tested much and both the modules seemed to be getting along perfectly fine with each other.

GSoC'16 – Pubkey Encrypt – Week 8 Report

Wed, 20 Jul 2016 00:00:00 +0000

A discussion with Mehul Gupta (@therealssj), who is also a Google Summer of Code 2016 participant for Drupal, kicked off this week. So he is working on porting Google Login Authenticator module to Drupal 8. Like Pubkey Encrypt, his project has a dependency on Real AES module too. But Real AES for D8 is currently broken as it hasn’t been upgraded to work with the latest version of Defuse PHP Encryption library. Actually, Real AES relies on the master branch of that library, so it’s recent 2.x release broke the module. Currently, me and Mehul are using Test Encrypt module for our prototypes, while waiting for Real AES to get fixed. But since the end of GSoC is approaching and we really want to ship perfectly ready-to-use projects by the end, we’ve decided to collaborate on this issue and get the module fixed for us.

GSoC'16 – Pubkey Encrypt – Week 7 Report

Wed, 13 Jul 2016 00:00:00 +0000

This week’s work started by the integration of Travis CI into the Github repo of Pubkey Encrypt. Initially, we thought that we’d move the project from Github to D.O after releasing a working prototype of the module. But now we have decided to keep both the repos as is the case for many D8 modules. Now Travis CI is free for all open-source projects hosted on Github. For those who don’t know, Travis is a Continuous Integration software which, in simple words, makes a build of a software project upon each commit or PR in the repo and then runs the user-defined tests on it. A passing build means that the new changes pass all the tests, and a broken build denotes the other case. This is used to ensure that any new functionality added to the project doesn’t end up accidentally breaking something else in it. And such a setup is very important in any agile software development methodology, where the product is developed incrementally.

GSoC’16 – Pubkey Encrypt – Week 6 Report

Wed, 06 Jul 2016 00:00:00 +0000

Half of the Google Summer of Code coding period has passed and my project now has all the core functionality in it. For those who don’t know, Pubkey Encrypt is a D8 module in development, which aims to encrypt and secure websites’ data-at-rest using login credentials. I started week 6 work by finalizing everything we had done till then, so to get the module in shape for an immediate alpha release. I think it’s very important to release the project early, with a bit less functionality and tagged as an alpha version, instead of releasing it with full functionality at the end of GSoC. This is because of the fact that the module deals with security. And as is the case with any security-related project, there is a lot of chance for unexpected issues to come up during alpha testing in a real-world environment. Luckily, we are ahead of the project timeline we planned in February, by a few weeks. So I’m confident that we’ll be able to tackle any such issues that might come up unexpectedly, no matter how severe they are.

GSoC’16 – Pubkey Encrypt – Week 5 Report

Wed, 29 Jun 2016 00:00:00 +0000

This week I worked on making the module a bit flexible via integrating pluggable systems into it. This is something we had planned initially while writing the architecture document for the module, but couldn’t pursue it earlier because our focus was on developing a working prototype first. But since that’s done, we’ve reached the perfect time for this development. It should be noted that the pluggable systems are important because Pubkey Encrypt deals with security, and it is essential for the module’s success to be as flexible as possible. In this way, users would be able to configure the behavior of the module as per their organizational security standards and other demands not provided by the out of the box functionality.

GSoC’16 – Pubkey Encrypt – Week 4 Report

Wed, 22 Jun 2016 00:00:00 +0000

I started the week by providing test coverage for functionalities I added to the module in week 3. Since the main functionality I added was the automatic generation of keys, the tests I wrote assert for these capabilities:

GSoC’16 – Pubkey Encrypt – Week 3 Report

Tue, 14 Jun 2016 00:00:00 +0000

The basic idea behind my project Pubkey Encrypt is to encrypt data using users’ login credentials. A tight integration with the Key module is one of the most important parts in my project. So I started the week analyzing that module’s architecture. It deals with administering keys which could be used for the purposes of encryption, authentication etc. Anyone can modify the key handling logic as per the business needs since the module allows for much extensibility via these three plugin systems: