====== dokucrypt ======
dokucrypt is a client side (javascript) cryptography plugin.  This plugins allows a user to store and access sensitive data in a dokuwiki.  All sensitive data is encrypted before it is submitted and decrypted on the clients machine.  A users' sensitive data will only be accessible when viewed with a javascript enabled browser and the proper pass phrase.  It will never be transmitted or stored in plain text.

The Javascrypt (http://www.fourmilab.ch/javascrypt/) library is used for encryption and decryption to provide 256 Bit AES encryption.

===== Usage =====
==== Entering Encrypted Data ====
In order to encrypt some sensitive data, the user needs to add text like the following 
  Hi world.  I have a secret.  Can you read it?
  < SECRET>I like ice cream< /SECRET>

  * **Note:** the space before 'SECRET' must be removed

When the user hits 'Save' (or a draft is attempted to be saved) a prompt will open, asking the user to enter a pass phrase key for the encryption.  Once supplied, the encryption will be done in the browser and the encrypted text submitted to the server.

==== Viewing Encrypted Data ====
When the page is viewed, the user will see the encrypted text and a link 'Decrypt Encrypted Text' will appear which will prompt the user for a password and decrypt the text (see the example below).

The encrypted text is compatible with javascrypt decryption (http://www.fourmilab.ch/javascrypt/jscrypt.html).

To view the secret text in the example below, use 'secret' as the pass phrase.

=== Example Encrypted Text ===
Hi world.  I have a secret.  Can you read it?
<ENCRYPTED LOCK=default>#####  Encrypted: decrypt with http://www.fourmilab.ch/javascrypt/
?b64Py5y9JZMVa728IXwqaBh+f9Tbz9jP9OvCY2UdexIz5i6bLRsCOF2IA9qECpp
Bc6oY+BAihtLdzyrtQA3x6yrxg==?64b
#####  End encrypted message
</ENCRYPTED>

==== Editing Encrypted Data ====
To edit the encrypted data, the user needs to Edit the wiki page.  When first loaded, encrypted text will appear encrypted, surrounded by %%<ENCRYPTED>%% and %%</ENCRYPTED>%% tags.  To edit this text, the user needs to press the 'DecryptSecret' button between 'Save' and 'Preview', and supply the correct pass phrase.  The encrypted text will be decrypted to the 'SECRET' form showed above, and the use can edit in plaintext.  Submits or drafts will be encrypted before submission with the same pass phrase supplied.

===== Releases =====


==== 0.29 : add 'Toggle Visible' (2008/01/03) ====
  * Adds the "Toggle Visible" option.   This adds a link to hide/unhide an encrypted element (so the user doesn't have to see the encrypted data).  This is less tested than other releases, but generally works for me.  To specify if element is collapsed or expanded by default, add the 'COLLAPSED="1"' entry to the SECRET or LOCK tag.
  * Download {{dokucrypt:files:crypt-plugin-0.29.tar.gz|crypt-plugin-0.29.tar.gz}} (2889e7f9d1773613e36478ae7d839ea5)

==== 0.2 : Fix IE (2008/01/03) ====

  * IE should now work (version 6 and 7 tested).  Thanks to Michael Lapointe.
  * Download {{dokucrypt:files:crypt-plugin-0.2.tar.gz|crypt-plugin-0.2.tar.gz}} (a22201ec7a69f48c05303a5b9b38481c)

==== 0.1 : First Release ====

  * Works with 2006-11-06 dokuwiki release
  * Download: {{dokucrypt:files:crypt-plugin-0.1.tar.gz|crypt-plugin-0.1.tar.gz}} (cdb475eb6b936a250d97b8b8359b98c3)


===== Bugs =====
  * <del>Does not work with Internet Explorer (IE).</del> (version .2 fixes IE)

===== ToDo =====
  * Replace 'prompt' with customized/prettier one from  http://javascript.internet.com/text-effects/customizable-javascript-prompt.html .  This would allow to use a Password box and not display password as it is typed.
  * Better "blocking" for encodeForSubmit, possibly using settimeout
  * Add a Button in the edit toolbar for 'Secret'
  * Offer more standard JavaScrypt page form
  * recognize case insensitivity of SECRET ENCRYPTED and LOCK keywords.


===== Implementation Notes =====
In order to add this functionality, some hacks were needed.
  * 'onsubmit' encryption of the text area is used to encrypt the data before submission via draft or 'Save', or 'Preview'.  In order to avoid risk of that data being submitted without this encryption taking place, some measures had to be taken.  On load, the edit text area is moved out of the FORM, and replaced with an identically named HIDDEN form element.  On submit, the text area data is encrypted and the encrypted text is stored in the hidden field.

 In order for this hack to be avoided, two things would be needed, these would be difficult to do well in a no-javascript-available environment.
    * an extensible 'addSubmitEvent' function would be needed in dokuwiki similar to addInitEvent
    * some sync-to-real-submit mechanism would would need to be done before submission.

===== About =====
  * Dokucrypt is created by me, Scott Moser.  I hope you find it generally useful and relatively bug free.  Please feel free to contact me at Scott Moser <smoser-nospam-@brickies-nospam-.net>.  (remove the -nospam- to get email address).