Protected Content by Asymmetrical Client Side Encryption

Session track
Code & Development
Experience level
50 min

Working intramurus of an European institution for the last 3 years as software architect in a Drupal team, approximately 1 year ago I've been given a task with this very broad scope: provide an encryption layer strong enough to protect sensitive data from never ever leaking. After searching for solutions and getting the feedback of very estimated colleagues - advocates of security - I choose client side asymmetrical encryption by the means of OpenPGPjs library and then the Drupal module Protected Content was created.

Since then I had the opportunity to share what knowledge and technology has come to my sight and to collect inspiring feedback from the open source community at SecOSDay Harlem, Drupal Camp Kyev, Drupal Camp Cluj-Napoca and SecOSDays Sofia.

Since the first release, the code and my understanding of the task has improved and I would like to propose a talk that goes through a range of topics, discussing the more general areas of democracy, encryption and content ownership as well as providing a technical dive in a live demonstration, code presentation and some hands on workshop (if time allows) on the use of Protected Content, its API, database storage of files, integration to views, fields and entity schema.

Session video: