Feature: #67932 - New rsaauth API
See forge#67932
Description
The rsaauth API has been rewritten to be more generic and can now be used easily in more parts of the core as well as in third party extensions.
Impact
Form fields (e.g. password fields) can be encrypted before transmission. This helps to improve the security of your and your user's data.
Examples
Encode
Encoding is done automatically via a JavaScript function which gets a public key and encrypts the data.
1) Include JavaScript to parse form fields for encryption. You can either choose to include a RequireJS module or a plain Javascript file.
$rsaEncryptionEncoder = GeneralUtility::makeInstance(\TYPO3\CMS\Rsaauth\RsaEncryptionEncoder::class);
$rsaEncryptionEncoder->enableRsaEncryption(); // Adds plain JavaScript
$rsaEncryptionEncoder->enableRsaEncryption(TRUE); // Adds RequireJS module
- Activate encryption for your from fields with the data attribute
data-
.rsa- encryption
<input type="password" id="pass" name="pass" value="" data-rsa-encryption="" />
If you want the encrypted value to be stored in another field, you have to use the RequiredJS module and you can pass the id of that form field as value to the data attribute.
<input type="password" id="t3-password" name="p_field" value="" data-rsa-encryption="t3-field-userident" />
<input type="hidden" name="userident" id="t3-field-userident" />
Decode
To decode your data you can use the method TYPO3\
which can
either handle a string or an array as parameter. Data that is handled by TYPO3CMSCoreDataHandlingDataHandler will
be decoded automatically before processing.
Notice: A RSA public key can only be used once to decrypt data. If you encrypt multiple fields in your form
you have to pass an array to the decrypt function with all data you want to decrypt. The function parses the
values for a rsa:
prefix so you can be sure that non-matching data will not be changed.
$rsaEncryptionDecoder = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Rsaauth\RsaEncryptionDecoder::class);
// Decrypt a single string
$password = $loginData['uident'];
$decryptedPassword = $rsaEncryptionDecoder->decrypt($password);
// Decrypt an array
if ($this->isRsaAvailable()) {
$parameters['be_user_data'] = $this->getRsaEncryptionDecoder()->decrypt($parameters['be_user_data']);
}