[Koha] Encryption and Pseudonymization settings

David Liddle david.liddle at wycliff.de
Sun Jan 8 01:45:59 NZDT 2023


Thank you, Galen, for your response—it was exactly what I needed!
________________________________
From: Galen Charlton <gmc at equinoxoli.org>
Sent: Friday, January 6, 2023 16:23
To: David Liddle <david.liddle at wycliff.de>
Cc: koha at lists.katipo.co.nz <koha at lists.katipo.co.nz>
Subject: Re: [Koha] Encryption and Pseudonymization settings

Hi David,

On Fri, Jan 6, 2023 at 5:58 PM David Liddle <david.liddle at wycliff.de> wrote:
> <!-- This is the bcrypt settings used to generated anonymized content -->
>  <bcrypt_settings>__BCRYPT_SETTINGS__</bcrypt_settings>
>
> What form should the content of this line and these settings take?

As mentioned in one of the comments in bug 28911, an appropriate value can be generated by the following command:

htpasswd -bnBC 10 "" password | tr -d ':\n' | sed 's/$2y/$2a/'

> Similarly, I would like to know what form the encryption key should take in this section:
>
> <!-- Encryption key for crypted password or sensitive data -->
>  <encryption_key>__ENCRYPTION_KEY__</encryption_key>

I believe this can be set to any high-entropy string suitable for a password or pass phrase. Per the Crypt::CBC documentation <https://metacpan.org/pod/Crypt::CBC>, it's not literally an AES encryption key but is used to create one.

> Are there any risks or drawbacks to enabling these settings on a live site?
> (I'm executing them first on a QA server with a robust backup system,
> but it helps to know what to expect.)

It should be pretty safe. The pseudonymization feature is turned on via a system preference and largely affects reporting, although some care would be needed as you prune non-pseudonymized data. The encryption is currently only used by the optional 2FA feature.

Regards,

Galen
--
Galen Charlton
Implementation and IT Manager
Equinox Open Library Initiative
gmc at equinoxOLI.org
https://www.equinoxOLI.org
phone: 877-OPEN-ILS (673-6457)
direct: 770-709-5581
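
An added example, not part of the original thread and not Koha's own code: shell helpers that generate a passphrase for `<encryption_key>` and check that a candidate `<bcrypt_settings>` value has the form the htpasswd pipeline quoted above produces. The function names and the sample string are constructed; the 32-byte size and base64 encoding are assumptions, since the reply only asks for a high-entropy string.

```shell
#!/bin/sh
# Added example: helpers for the two koha-conf.xml values discussed above.
# Function names and the sample value are constructed for illustration.

# Print a passphrase for <encryption_key>: 32 random bytes, base64-encoded
# (44 characters, none of which need escaping inside an XML element).
gen_encryption_key() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Check a candidate <bcrypt_settings> value against the form emitted by
#   htpasswd -bnBC 10 "" password | tr -d ':\n' | sed 's/$2y/$2a/'
# i.e. "$2a$", a two-digit cost, "$", then 53 bcrypt-base64 characters.
# Returns 0 if well-formed, 1 if the $2y -> $2a rewrite was skipped,
# 2 otherwise (placeholder left in place, stray ':' or newline, truncation).
check_bcrypt_settings() {
    # Reject any character outside the bcrypt alphabet plus '$' up front,
    # so an embedded newline or leftover colon cannot slip past grep.
    case $1 in
        *[!./A-Za-z0-9\$]*) return 2 ;;
    esac
    if printf '%s' "$1" | grep -Eq '^\$2a\$[0-9]{2}\$[./A-Za-z0-9]{53}$'; then
        return 0
    elif printf '%s' "$1" | grep -Eq '^\$2y\$[0-9]{2}\$[./A-Za-z0-9]{53}$'; then
        return 1
    fi
    return 2
}

# Constructed sample with the right shape; it is not a real bcrypt hash.
sample='$2a$10$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234'
if check_bcrypt_settings "$sample"; then
    echo "bcrypt_settings form: ok"
fi
printf '<encryption_key>%s</encryption_key>\n' "$(gen_encryption_key)"
```

A value that still reads `__BCRYPT_SETTINGS__` or begins with `$2y$` is reported as malformed rather than silently accepted.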