pkp/pkp-lib#9895 app key and encryption service integration

touhidurabir · May 29, 2024 · 70e737a · 70e737a
1 parent 111166f
commit 70e737a
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 6 deletions.
diff --git a/config.TEMPLATE.inc.php b/config.TEMPLATE.inc.php
@@ -24,6 +24,10 @@
 
 [general]
 
+; An application specific key that is required for the app to run
+; Internally this is used for any encryption (specifically cookie encryption if enabled)
+app_key = 
+
 ; Set this to On once the system has been installed
 ; (This is generally done automatically by the installer)
 installed = Off
@@ -50,11 +54,6 @@
 ; To set the "Secure" attribute for the cookie see the setting force_ssl at the [security] group
 session_samesite = Lax
 
-; Enable this if want to enable cookie encryption
-; The length of the cookie encryption key must be 16 characters
-; Note that updating or removing cookie encryption key will result in logout from all devices
-; session_cookie_encryption_key = ''
-
 ; Enable support for running scheduled tasks
 ; Set this to On if you have set up the scheduled tasks script to
 ; execute periodically
@@ -260,6 +259,14 @@
 
 [security]
 
+; Specific cipher algorithm used to generate app key and encryption purpose
+; Valid and available algorithms are `aes-128-cbc`, `aes-256-cbc`, `aes-128-gcm` and `aes-256-gcm`
+; cipher = 'aes-256-cbc'
+
+; Define should the cookie at user's end need to be encrypted
+; Enabling/Disabling will force all user to re-login
+; cookie_encryption = On
+
 ; Force SSL connections site-wide and also sets the "Secure" flag for session cookies
 ; See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#secure
 force_ssl = Off

diff --git a/dbscripts/xml/upgrade.xml b/dbscripts/xml/upgrade.xml
@@ -104,6 +104,7 @@
 
 	<upgrade minversion="3.1.0.0" maxversion="3.4.9.9">
 		<migration class="PKP\migration\upgrade\v3_5_0\PreflightCheckMigration" fallback="3.4.9.9" />
+		<migration class="PKP\migration\upgrade\v3_5_0\I9895_AddAppKeyToConfigFile"/>
 		<migration class="PKP\migration\upgrade\v3_5_0\I9197_MigrateAccessKeys"/>
 		<migration class="PKP\migration\upgrade\v3_5_0\I9253_SiteAnnouncements"/>
 		<migration class="PKP\migration\upgrade\v3_5_0\I9262_Highlights"/>

diff --git a/docs/release-notes/README-3.5.0 b/docs/release-notes/README-3.5.0
@@ -11,9 +11,15 @@ See config.TEMPLATE.inc.php for a description and examples of all supported
 configuration parameters.
 
 New config.inc.php parameters added for general:
-    - session_cookie_enctyption_key (default value: ''), allow cookie encryption when set
+    - app_key (default value: ''), application specific key will used internally for encryption/decryption
+
+New config.inc.php parameters added for security:
+    - cipher (default value: ''), cipher algorithm used to generate app key and encryption purpose
+    - cookie_encryption (default value: ''), allow cookie encryption when set
+
 
 New Features
 ------------
     #9566 : Convert session and cookie management to Laravel
+    #9895 : Introduce APP KEY feature of Laravel