Encryption Data Manager

Please install the Encryption Data Manager extension.

It is important for an eCommerce site to maintain up-to-date security for data provided by customers. This is required by customers, the industry and PCI standards.

By enabling WebriQshops data encryption, you can secure your customers' data from unauthorized access. Information such as customer addresses, emails, phone numbers, credit cards, etc. will be encrypted and not readable. The encryption key can be stored securely, which prevents access to this data in the event of hacking or a database attack.

Requirements: PHP >= 5.3 with OpenSSL enabled
(Contact your server admin or hosting company.)

Note

Do not confuse SSL data encryption with the signed SSL certificates (HTTPS) used for browser access to sites.

Important!

Back up your code and database before you start!
For security, keep backups of unencrypted data off your server!

  • 1

    Configuration

    Add the key storage location path.
    Add the lines below to the /system/config.php file.
    define('ENCRYPTION_KEYS_DIR', '/path/to/keys/');
    define('DATA_ENCRYPTION_ENABLED', true);
    Change the path to the specific path on your server. It has to be writable/readable only by the web server.
    If ENCRYPTION_KEYS_DIR is not provided, the default path /system/keys/ will be used. It is important to keep these keys secure!
  • 2

    Generate New Key

    In Encryption Data Tools, generate a new key with a unique key name (no spaces or special characters).

    It is important to use only 1 key at a time. Add the line below to the /system/config.php file with the key name that will be the default:
    define('DATA_ENCRYPTION_KEYPAIR', 'your_key_name');

    This is the key name that will be used for read/write at any given time.

  • 3

    Encrypt all data

    Now you need to run encryption for all the data using the new key created in the prior step.
    You can do this in the Encrypt Data tab of Encryption Data Tools.
    Just follow the steps for the "data encryption" process.
  • 4

    Require login name

    Customer emails are encrypted now. To prevent login issues and duplicate accounts, set the "Require login name" setting to ON.

    The setting is located in the Settings > Checkout section.
    Existing customers will be asked to create a unique login name the next time they log in to their account.

    All customer data is secured now! Start testing!

    Notes

    1. Keep the key in a secure location with file permissions restricted to root and Apache (web server).
    2. Back up your keys in a remote secure location. Lost keys will cause loss of all data.
    3. There is no key expiration management.
    4. Search or lookup by encrypted user data will not work (search by address, phone number, etc. will not work).
    5. Once data is encrypted there is NO undo and the extension cannot be disabled.
    These need to be accounted for in key management procedures.

  • 5

    Rotate (change) encryption key

    - Generate a new key pair
    - Set the new key as the default key in the configuration file
    - Go to the Encryption Usage tab, select the new key in the Rotate column and click the Encrypt Data button
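
Step 1 and note 1 above require the key directory to be readable and writable only by the web-server account. The script below is an added example, not part of the extension: it audits and tightens the directory named in ENCRYPTION_KEYS_DIR. The function names are hypothetical, and it assumes every entry should be owned by the account passed as OWNER.

```shell
#!/bin/sh
# Added example, not part of the extension. Audits the key storage directory
# configured as ENCRYPTION_KEYS_DIR in /system/config.php.

# audit_keys_dir DIR OWNER
# Lists entries under DIR that are not owned by OWNER (assumed to be the
# web-server account) or that grant any permission to group/other.
# Returns 0 if clean, 1 on findings, 2 on bad input.
audit_keys_dir() {
    dir=$1 owner=$2
    [ -d "$dir" ] && [ -n "$owner" ] || { echo "usage: audit_keys_dir DIR OWNER" >&2; return 2; }
    # POSIX find: "-perm -NNN" matches when all listed bits are set, so each
    # group/other bit is tested separately. Symlinks are skipped because
    # their own mode bits carry no meaning.
    findings=$(find "$dir" ! -type l \( ! -user "$owner" \
        -o -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    [ -z "$findings" ] && return 0
    printf 'exposed key material:\n%s\n' "$findings" >&2
    return 1
}

# harden_keys_dir DIR
# Restricts DIR to its owner: 700 on directories, 600 on key files.
# root can still read the keys because it bypasses permission bits.
harden_keys_dir() {
    dir=$1
    [ -d "$dir" ] || return 2
    find "$dir" -type d -exec chmod 700 {} +
    find "$dir" -type f -exec chmod 600 {} +
}
```

Run the audit as root after generating or rotating a key, passing the account your web server runs as for OWNER; changing ownership is left to the administrator because that account name differs between systems.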

Need help configuring, supporting or extending functionality, contact www.webriq.com site or
