Hello,

Regarding the: https://github.com/mogilvie/EncryptBundle/issues/15

So I generally struggled for a longer moment with assigning container parameters dynamically but there is no simple way to go with this, would need to really make some ugly stuff which I want to avoid so I got other solution, which I've briefly tested and works.

Let me know if You would be interested in having this in Your project and if So then I will provide MR in some free time.

Solution: Adding new Event BeforeCreateEncryptionServiceListener

If You don't want this at all then please close the issue and I will just add this to my project via composer patcher package.

Oh yeah there is a bug on screenshot - but anyway just tested it briefly so it doesnt matter atm.

Hello,

I've just added Your bundle to my symfony project 4.3 i think. I will skip issues with key generating but I've managed to make 256 bit one.

Now I've got a problem that actually encrypted and decrypted key is the same. Am i doing something wrong or any idea?

I'm just doing tests now, so You can recreate it with this key: encrypt_key: 'kXp2s5v8y/A?D(G+KbPehVmYq3t6whVmYq3tt6wShVw9z' encrypted string: test

Same for twig: {{ 'WlCj153fQK1yzp1qZXByLBaUL9T2vw7nq7fbSXruZ8Q=' | decrypt }} Result: WlCj153fQK1yzp1qZXByLBaUL9T2vw7nq7fbSXruZ8Q=

When instantiate the EncryptorInterface in a controller, Symfony throws an exception:

CRITICAL11:11:00 | php | Cannot instantiate interface SpecShaper\EncryptBundle\Encryptors\EncryptorInterface -- | -- | -- CRITICAL11:11:00 | request | Uncaught PHP Exception Symfony\Component\Debug\Exception\FatalThrowableError: "Cannot instantiate interface SpecShaper\EncryptBundle\Encryptors\EncryptorInterface" at /Users/jeordy/Sites/TuffelCrm/src/CrmBundle/Controller/MagentoController.php line 41

Hello,

No idea if that's bug or planned.

I'm creating spec_sharper_encrypt.yaml. Then I set the content:

spec_shaper_encrypt:
  is_disabled : true

Yet this is not suppressing the Needs a 256-bit key, '0'bit given! error when I have encrypt_key: "" (that's empty on purpose).

Hello, me again.

Symfony version: 4.2.x

So before i forget or anything. Since I want to make my MIT project public later (where Your package is a part of it).

After installing Your package there are 3 problems.

• Once package is installed it breaks the page

I'm not having screenshots or anything, but when Your install the package and without doing anything - refresh the page You get an exception that encrypt_key was not found

I know You got to provide one by generating it via console but here actually comes next problem:

• Cannot generate key before fixing the broken page - look above

The encrypt:genkey command is wont work untill the encrypt_key will be added in yaml

• Encrypt command is not working in CLI

(After fixing) When i try to generate key via bin/console encrypt:genkey I get:

Summary

• I cannot make the page run because i don't have the key
• I cannot make the key because the page is not working
• After all I cannot run the cli command to generate key
• What's more online generators that generate 256bit keys are kinda incompatibile (keept getting exceptions about to short/to long key)

I've generally made my page run again but just saying that there are some problems

I had a problem when saving entities with a collection of other entities that contain encrypted fields. After flushing the entity the fields of the entities in the collection where not decrypted again in postFlush.

So I made this change that simplifies the code and just calls the decrypt function processFields on the flushed entities again, which solved the problem for me.

I have copy code from listeners existing in this repository

Maybe it can be usefull to refactor into services but I don't have the time

I suggest this PR anyways

Have a good day

Fixed deprecation notice using symfony 5.4.2:

• [x] 1x: Method "Symfony\Component\Console\Command\Command::execute()" might add "int" as a native return type declaration in the future. Do the same in child class "SpecShaper\EncryptBundle\Command\GenKeyCommand" now to avoid errors or add an explicit @return annotation to suppress this message.

composer require specshaper/encrypt-bundle dev-master reports error during the recipe

  - Configuring specshaper/encrypt-bundle (>=dev-master): From auto-generated recipe
Executing script cache:clear [KO]
 [KO]
Script cache:clear returned with error code 255
!!  TypeError {#583
!!    #message: "SpecShaper\EncryptBundle\Encryptors\OpenSslEncryptor::__construct(): Argument #2 ($key) must be of type string, null given, called in /home/kr4ft3r/code/symfony/airbridge2/vendor/specshaper/encrypt-bundle/Encryptors/EncryptorFactory.php on line 38"

Hello,

First of all - this might not be a bug - not sure about this. I just need an info to investigate that further.

You've recently added the event which allows to change the encryption key - that works fine but got a problem related to this now. So I've spent over 1h trying to find out what's going on.

What is the purpose of the block in DoctrineEncryptSubscriber:

    /**
     * Listen a postLoad lifecycle event. Checking and decrypt entities
     * which have @Encrypted annotations
     *
     * @param LifecycleEventArgs $args
     * @throws EncryptException
     */
    public function postLoad(LifecycleEventArgs $args)
    {
        $entity = $args->getEntity();
        $em = $args->getEntityManager();

        if (!$this->hasInDecodedRegistry($entity)) {
            if ($this->processFields($entity, $em, false)) {
                $this->addToDecodedRegistry($entity);
            }
        }
    }

I believe it's needed in case when You save an entity and You still use it later on, like this:

$this->em->persist($entity);
$this->em->flush();

$entity->getValueForSomeReason();

Am I correct with understanding of this?

So, it seems and most definitely is that You the bundle simply encrypts the value no matter if it was encrypted or not. I found and issue when I did this:

• Project A:
  • contain some data,
  • data is encrypted before sending to api,
  • api call is done to project B,
• Project B
  • runs into timeout (clearly php_ini stuff, but that's not the point),
  • partially imported data is not working

So the timeout happens because the B encrypts tones of the data again. Imported data is not working since the already encrypted data get's re-encrypted.

I had issue with $em->refresh($entity);, the value was not decrypted again. Here is a simpler approach I think, we tell Doctrine the original value was the decrypted one. So we don't have to deal with many checks.

Is there a simple way to get decrypted value having secret key and encrypted value? Like php bin/console decrypt:value <encrypted value> [--key <secret key>] And how do I change key (decrypt and than encrypt with new key all data) if it's is compromised?

Details

• I'm using the event, that allows to change the key on fly,
• Since Your package requires any key to be defined i need to have a dummy key to prevent exceptions, so I have this

parameters:
    encrypt_key: "0000000000000000000000000000000000000000000" # (random key - not used - needs to be set to suppress the encryption bundle error)

Cron call no 1. - Insert Passwords Groups

foreach($insertRequest->getPasswordsGroupsArrays() as $passwordGroupArray){
   $passwordGroupEntity = PasswordGroup::fromArray($passwordGroupArray);
   ...
   $this->passwordGroupController->save($passwordGroupEntity);
}

Status: Works

Cron call no 2. - Insert Passwords and assign them to groups

foreach($insertRequest->getPasswordsArrays() as $passwordArray){
    $passwordEntity      = Password::fromArray($passwordArray);
    $passwordGroupEntity = $this->passwordGroupController->getOneForId($passwordEntity->getGroupId());
    ...
    $this->passwordController->save($passwordEntity);
}

Status: Does not work

Under which circumstances the problem happens

1. The passwordGroupEntity is already saved with first cron call, and has correct encryption string from PMS (1),
2. Now I fetch the passwordGroupEntity from DB
3. Seems like Your bundle decrypts the values in there
4. I set the relation between passwordGroupEntity and passwordEntity
5. I save the passwordEntity
6. Doctrine messes up encrypts the passwordGroupEntity fields with key stored in yaml which is 0000

Where is Your code related to the issue

• Class: DoctrineEncryptSubscriber,
• Method: processFields
• Code block:

            if($isEncryptOperation) {
                $encryptedValue = $this->encryptor->encrypt($value);
                $refProperty->setValue($entity, $encryptedValue);
            } else {
                $decryptedValue = $this->decryptValue($value);
                $refProperty->setValue($entity, $decryptedValue); 
                //we don't want the object to be dirty immediately after reading
                $unitOfWork->setOriginalEntityProperty($oid, $refProperty->getName(), $value);
            }

• Specifically - this one line causes the problem, when commented out works fine

$refProperty->setValue($entity, $decryptedValue); 

• Additionally - this problem makes the overwriting of encryption key via event no longer usable, because right now Your bundle doesn't know that the key will be replaced and uses the one hardcoded.

This makes sense because "Hello how will Your bundle know that key is replaced otherwise?". Yet the current situation makes the onEncryptionLoadKey kinda useless.

End note

I've spent tones of time trying to find out why / where this happens. I cannot propose the solution as I don't fully understand why such thing has place. I have my own solution in project which is saving via plain sql - I can use that in current project, but next one is a no since I want to encrypt entire DB.

I was trying to localize the bottleneck in my API calls. That's the one

Without that:

• Start: 17:57:40
• End: 17:59:28
• Duration: 1min 48s
• Result: not even half gets transferred and each call gets slower.... and slower... had eventually timeouts

With that:

• Start: 18:05:29
• End: 18:06:06
• Duration: 37s
• Result: done, everything works

I'd like to use this bundle, but I don't use annotations in my entities. It would be nice to get mapping in XML (and maybe in YAML too, but this is going to be dropped in Doctrine 3)