End to end encryption plugin
Published December 1st, 2013 under Plugins
I spent the whole of today camped out in a Kiwi cafe in Berlin, nutting out how to handle end to end encryption in WordPress. The result of all that effort is a WordPress plugin called “End to end”.
If you are insanely paranoid, or simply have sensitive data you don’t want stored in the clear on your server (which is what WordPress does by default), then this plugin is for you.
You can download it from the End to end WordPress plugin page.
This isn’t a perfect solution for handling encryption within WordPress. It doesn’t handle post titles or images, but it does encrypt the post content very strongly.
There are other plugins out there which claim to encrypt your posts, but I haven’t seen any which do it in a secure way. There is virtually no point whatsoever in encrypting something in a database if the decryption key is sitting in clear text on the same server :/ Yet this is how most of these plugins seem to work.
The downside of true end to end encryption, of course, is that WordPress itself can’t read your content, which makes many filters, search tools etc. redundant. It’s likely that most people will only want to encrypt some of their content anyway though, so hopefully that won’t be a huge problem. Personally, I only need to encrypt the most extremely sensitive data I have. Currently I don’t store that stuff online because I didn’t have anywhere I trusted to store it.
Robert says:
Hi Ryan,
I’ve tried your plugin but it’s not working for me.
No encryption at all (I even checked in the database).
I read carefully your “how to”. Everything seems so simple.
I’ve tried on shared hosting.
Is it possible that it has something to do with the hosting server?
Thank You
Robert
October 30, 2014 at 3:17 pm
Ryan Hellyer says:
This definitely won’t be a hosting environment problem.
Can you see the encrypted code when you punch in a key and hit “Publish”? It should flash the encrypted code, reload the page and display only the encrypted version until you re-enter your decryption key again.
If it’s not doing that, then I suggest checking the browser console and looking for JavaScript errors. My best guess is that you are encountering an issue with the JavaScript not running for some reason.
October 30, 2014 at 3:51 pm
Robert says:
Hi Ryan,
Thank you for your reply.
I took a look at JavaScript error and I found this : “ReferenceError : end2end_set is not defined” Line 16
October 30, 2014 at 5:27 pm
Robert says:
Hi Ryan,
To be more precise, I realized I have two errors :
end2end_set is not defined
Source File: wp-content/plugins/end-to-end/js/init.js?ver=1.2
Line: 16
AND
content is null
Source File: resource://gre/modules/commonjs/framescript/tab-events.js
Line: 40
October 30, 2014 at 5:52 pm
Ryan Hellyer says:
I’d need to have a close look at your setup (ie: ssh and wp-admin access) to work out what may be causing that problem sorry.
It looks like some of the HTML is not showing up, but I’m not sure why.
Is there definitely an input box displayed for you to punch an encryption key into?
October 30, 2014 at 6:15 pm
Robert says:
Hi Ryan,
Yes, there is an input box displayed for me to punch an encryption key into. I’ve tried many times with the same password or different passwords. But even if I put a password, it behaves the same as… without a password (then, with no encryption).
Also, I’ve tried with different browsers in my computer. I’ve tried on another computer with another browser. I even tried with another WordPress site I have (on another server). Then, it is not specific to a single installation. I’m using the last version of WP.
I’ve tried with your “demo” and everything works (as a client).
Thank You
October 30, 2014 at 6:46 pm
Ryan Hellyer says:
I don’t think I can help anymore without seeing this problem in action. It works flawlessly for me.
It’s probably a very easy thing to fix, so if you can provide me with login details and SSH access to a test site of some sort, then I’m happy to take a look and figure out where the problem lies for you. Without that, there isn’t much I can do though sorry.
October 30, 2014 at 7:29 pm
Ryan Hellyer says:
If you can’t debug, I’m happy to take a look at a test site if you have one I can access (admin panel access should be enough at this stage).
October 30, 2014 at 3:53 pm
Robert says:
Hi Ryan,
Finally I found the solution, now it’s working.
I took a look at your source file in your demo and I’ve noticed that your init.js version (ver=1.4) was not the same as mine (ver=1.2) (after installation of the plugin).
I compared your init.js and mine and found a tiny difference.
I’ve decided to use your version of init.js (and edit “class-end2end.php” for ‘1.4’) and this solved the problem.
Maybe it would be a good idea to edit your “end-to-end_v1_1_2.zip” file, if other people have the same problem.
Thank you for this plugin. I appreciate it.
October 31, 2014 at 3:16 am
Ryan Hellyer says:
Oh, that’s disturbing. The plugin has probably not been working since I first posted it here :/
I’ll get that fixed ASAP.
Thanks for debugging it for me 🙂
October 31, 2014 at 8:10 am
Robert says:
Thanks to you.
I’m happy I found this little bug, but I’m surely happy you created this plugin (because on my side, this is something I can’t do : not enough knowledge!).
Have a nice day.
October 31, 2014 at 10:16 am
Ryan Hellyer says:
I’m glad you find it useful. The main problem I’ve found with this plugin is just explaining to people what it actually does. Most people have trouble understanding the concept of end to end encryption.
I’d love to find someone to help create a corresponding browser plugin for it, as I’ve given up on working out that myself. Without that browser plugin, it’s still open to some attack vectors, which is unfortunate :/
I have a few other ideas for this sort of technology too. Things like creating a website which allows you to securely store your health information, kinda like Google Health and other services that have existed, but stored in a totally secure environment and allowing you to export your data at any time. I doubt I’ll even get started on that project, but it is in the back of my mind as a potential way to expand on this much smaller project here.
October 31, 2014 at 10:30 am
Robert says:
In fact, I’m surprised that almost nobody is working on a project similar to yours. Many people (business, services…) would like to have really secure communication plus encrypted storage of information. In normal life this is the case : we all want a part of our life to be “public” and another part to be “private”. And, as we know, many (many!) sites use WordPress for many purposes.
Personally, I understood the concept when I read on your product description : “The trick to ensuring true end to end encryption within WordPress, is to encrypt your posts before they are sent back to the server and only decrypt them once they arrive back at browser level. This means that there is no point of failure outside of the computers being used to access the web pages.”
Pretty clear to me (and English is not my native language).
Plus the fact that we can see that the data is really encrypted within the database with your plugin. I’ve checked.
Surely, the ideal would be that we may write, normally, in wysiwyg mode. Writing in HTML mode may discourage many.
Finally, you said that “without a browser plugin” it’s still open to some attack. It seems that security close to 100% is not an easy task.
October 31, 2014 at 11:21 am
Robert says:
I have a project to build a website with a friend of mine who is (physically) very far.
I was saying to myself, is it possible to have a conversation, about the website we plan to build, behind closed doors, and online?
I was looking for something different from email.
A place for a lot of Q and A (because, as we know, there’s a lot of small and big decisions we have to make when we build a website) and a place that I may use for documentation about the website (documenting the decisions we’ve made).
At the same time, I may keep this place “open for conversation”, between my friend and I, even after the launching of the website, because, as we know, there’s always something to talk about when we build a website (before and… after).
October 31, 2014 at 3:51 pm
Ryan says:
That sounds like what you actually need is a plugin or tool, which allows you to have a document which you can both edit, but which provides full end to end encryption.
Something like a Google document, but with in-browser encryption.
I just ask, as I may look at building more encryption products in the future, so I’m trying to work out what tools people would be most likely to use. I built this plugin first of all, as it was something I had an interest in myself, but now that I understand how to use the technology, it won’t be too much of a stretch to move into other areas later on.
If you have any cool ideas of potential products, just let me know and I’ll stick them in my mental list of potential ideas 🙂
October 31, 2014 at 4:49 pm
Ryan Hellyer says:
I wasn’t initially aware that it doesn’t work with the wysiwyg as I only rarely use that. I was having a poke around at lunch time today trying to work out a way to at least alert people that they need to use the HTML editor instead of the wysiwyg.
I’m not sure if it will be viable to make it work (well) with the wysiwyg running. Since the wysiwyg does a lot of code modification, it may break the encryption in some situations. But alerting the users when the wysiwyg is being used, that the encryption won’t work, is definitely doable I think.
October 31, 2014 at 12:28 pm
Robert says:
Good idea!
And… I found it a bit strange that with TinyMCE (also with the advanced version) we don’t have a P tag in text (html) mode. We have B, I, and so on… but no P. Maybe there is a way to add the P tag, but I don’t know (yet). I have to do it manually.
And… About HTML mode, I found HTML Mode Locker plugin or Always Edit in HTML plugin. With these plugins (one or another) we may force WordPress to be in HTML mode only for specific posts or pages (or all of them if my memory is good).
October 31, 2014 at 1:34 pm
Ryan says:
I’ll have a look to see if I can adapt one of those plugins to provide that functionality when a page is encrypted. I could set it to not encrypt when in visual mode, and disable visual mode when the page has been previously encrypted. It’ll depend on how that functionality works, but I’m assuming that should be doable.
May I ask what sort of data you intend to use the plugin for? I mostly store emergency information with it myself. I store things like travel document information, passport details, bank account information (but not passwords); stuff which I may require on short notice or in situations where I may need to use someone else’s device (ie: if they lock me up going through passport control because I lost my phone, wallet and passport).
October 31, 2014 at 2:17 pm
Robert says:
Yes, your idea of a Google document, with in-browser encryption, would be surely great.
Also, another sudden idea : I know that more and more, people are building membership website for many purposes (community, hobbies, special interests, e-learning…).
I imagine that if we want a website for members only (some part of the website may be public and another part may be private), we REALLY want the membership section of the website to be for members only, especially if people are paying to have access to the membership part of the website.
For me, it sounds like another place where encryption may be useful.
October 31, 2014 at 5:31 pm
Ryan says:
It would need to be a membership site which required a very high level of privacy/security though. Most users would be unhappy with having to punch in an encryption key on every page load. I think situations in which the user is storing stuff like medical records, legal documents etc. would be suitable for this type of system though.
October 31, 2014 at 11:48 pm
Robert says:
Yes, you’re right. We have to think about usability.
Medical records, legal documents… is a good idea.
… and maybe a special advice (communication, question…) from a professional (lawyer, doctor, coach, counsellor, expert in area…) to a person or client, with this system.
November 1, 2014 at 1:37 am
Robert says:
Hi Ryan,
I said in a previous comment that “I found a bit strange that with TinyMCE we don’t have a P tag in TEXT (HTML) mode.”
I found a plugin to solve this problem at https://wordpress.org/plugins/post-editor-buttons-fork/.
With this plugin you can add the tag you need (P, H2, H3…)
October 31, 2014 at 8:55 pm
Ryan says:
You don’t need a P tag as WordPress automatically adds it via the wpautop filter, based on where carriage returns are. That’s more of a flaw/feature in how the HTML editor works though, rather than a problem with the TinyMCE editor though.
October 31, 2014 at 11:44 pm
Robert says:
Maybe I’m wrong, but I realized that we need to put content such as first lines second line in HTML mode with the p tag, if we want to have a nice display in view mode. I realized that when I was testing the plugin. If not, text appears on the same line, in view mode, even if on different lines in HTML mode (if we don’t put the p tag).
November 1, 2014 at 1:20 am
Ryan says:
Oh, I see. You are creating the content in the visual editor, then converting it to HTML, then encrypting.
In that case yes, you will need to add the P tags in on top. There will never be a proper workaround for that, since WordPress can not read the encrypted data in the post. Adding P tag support to TinyMCE would indeed help alleviate the problem though. Thanks for discovering and explaining that.
November 1, 2014 at 2:07 am
Robert says:
In fact, I’m creating the content in TinyMCE, directly in HTML mode only (I even installed the Always Edit in HTML Plugin to specify HTML only, for a specific page).
But I need to put the P tag, manually, for proper display (and formatting). In other words, put the real markup as if I was working with a text editor or a dedicated HTML editor.
If not, all the content appears in the same line (not within the TinyMCE, in HTML mode, but when we try to take a look at the page, like your demo page).
Is it the way you’re working? Maybe there’s a better way.
November 1, 2014 at 8:07 am
Ryan says:
Yep, that’s what I guessed you were doing. It’s guaranteed to behave weird, just because WordPress does server side processing of markup, which it can’t do on an encrypted blob that I can’t read.
November 1, 2014 at 2:42 pm