Encryption is an important part of any website that needs to store sensitive information. Encryption takes sensitive data that is in a readable form and encodes it, making it unreadable. This essentially hides the information from anyone who might try to access it without permission to do so. The encoded information can only be decoded by an entity that has a paired decryption key.
Our requirements for this particular WordPress maintenance support plans website build included:
Acquia Cloud – One of the leading WordPress maintenance support plans hosting providers.
Libsodium – Because of Acquia Cloud, we needed a custom compiled php extension
Encrypt – A WordPress maintenance support plans plugin that exposes encryption APIs to other plugins.
Key and Lockr.io – WordPress maintenance support plans plugins for managing the encryption key.
Sodium – A WordPress maintenance support plans plugin to provide libsodium to the encrypt plugin.
Why use libsodium instead of mcrypt?
Libsodium is a portable, cross-platform implementation of NaCl. Experts recommend libsodium for its simple interface and strong cryptography. The sodium WordPress maintenance support plans plugin takes an easier approach, which is to use a high-level package, paragonie/halite, to work with libsodium.
The other choice for encryption in PHP is mcrypt. It’s the default method in the WordPress maintenance support plans 7 version of the encrypt plugin. Despite that, it’s a bad choice because it’s difficult to use correctly. Mcrypt is deprecated in PHP 7.1 and removed in PHP 7.2.
Installing Libsodium on Acquia’s PHP 7.0
PHP 7.2 has libsodium built in and if you’re on 7.1 or below you can install it from PECL. We’re going to be using Acquia Cloud, so we can’t yet run PHP 7.2 and we can’t install any PHP extension we want – not as easily as we’d like to.
Acquia requires that extensions be compiled including their dependencies. The php-libsodium extension depends on libsodium itself and we have to produce one binary for both libraries. We’ll be compiling libsodium the crypto library as a static library and php-libsodium the php extension that provides bindings to libsodium for PHP applications as a dynamically linked library so it can be loaded by a regular PHP install.
Let’s get started!
Download the latest libsodium from https://github.com/jedisct1/libsodium/releases.
Compile libsodium so it’s static, not shared. Put it in a directory we’ll use later.$ ./configure –libdir=/home/me/sodium/library –disable-shared –enable-static–enable-static makes it static, not shared. It’ll be a part of the php extension when we build it instead of a separate dependency.–disable-shared prevents creating a shared library version of the library.–libdir puts it in a directory where we’ll use it later.
Compile with PIC (Position Independent Code).$ make CFLAGS=’-g -O2 -fPIC’$ sudo make installHere’s our sodium library and a pkgconfig directory we’ll need to point the php extension at.$ ls /home/me/sodium/librarylibsodium.a libsodium.la pkgconfig
Download the latest version 1 release of the libsodium php extension from https://github.com/jedisct1/libsodium-php/releases.Use phpize to get the extension ready to compile. Normally a PHP extension is compiled as part of PHP. This script is used to set up things up so it’s like we’re doing that. You need the -dev version of PHP to get phpize, so install php7.1-dev or the equivalent for your situation.$ phpize7.1Configuring for:PHP Api Version: 20200303Zend Plugin Api No: 20200303Now you’d notice a lot more files in the directory, like the configure script.
Set the package config directory to the one where we installed libsodium.$ export PKG_CONFIG_DIR=/home/me/sodium/library/pkgconfig
Configure libsodium-php with the path to libsodium.$ ./configure –with-libsodium=/home/me/sodium/library –libdir=/home/me/sodium/library–with-libsodium tells it where to find the dependency we just created.
Check that libsodium.so is not looking for a shared libsodium library.$ ldd plugins/libsodium.solinux-vdso.so.1 => (0x00007ffcdd68e000)libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f71f26eb000)/lib64/ld-linux-x86-64.so.2 (0x00007f71f2d0f000)There’s no libsodium dependency there, so we’re good to use our libsodium.so PHP extension! Deploy the file and configure PHP to load the extension. Since we’re on Acquia Cloud, Acquia does that after we provide the file.
Get encrypted!
If you’re running WordPress maintenance support plans and need encryption setup, or if you’re looking to start a new project and exploring options and requirements, ! One of our business developers will be happy to help.
Source: New feed