Can I set up a wiki that uses a fully encrypted data backend?
January 11, 2010 10:19 PM Subscribe
Can I set up a wiki that uses a fully encrypted data backend?
I would like to have a wiki that stores its data encrypted. Once the proper credentials have been given, I want it to operate seamlessly, encrypting/decrypting on the fly; from the point of view of the user, other than an initial login that is required to even see the data, it should seem like any other wiki.
I do not want to simply rely on full disk encryption, as I would like to be able to move/copy the database from one machine to another without worrying about needing to encrypt it.
Two specific features that I would like are full history/revision capabilities and embedded media files (which I would want to be encrypted just like everything else).
I don't particularly care what language it's written in, but I would like it to be open source, and free as in beer. Failing free, the cheaper, the better.
It doesn't have to be able to serve a large number of users, and the less configuration to get a basic system up and running, the better.
I would want the encryption to be done in a standard strong manner (e.g. AES) that I could decrypt manually myself, and the underlying data to be in some non-proprietary format, so that I can bypass the wiki software if I ever want or need to.
It doesn't even have to be able to be webserver-based. In fact, an OS-independent system that doesn't require a web server (such as TiddlyWiki, which is a single flat HTML file that does all its wiki stuff via built-in javascript) would be great, using the web browser to look directly at a file that's local to the machine.
Failing that, something that could run on Apache or some such would be fine. Failing that, uh, I'll take what you've got, as long as it runs on either Windows or something like some sort of Linux or FreeBSD. Not Mac.
Thanks in advance.
I would like to have a wiki that stores its data encrypted. Once the proper credentials have been given, I want it to operate seamlessly, encrypting/decrypting on the fly; from the point of view of the user, other than an initial login that is required to even see the data, it should seem like any other wiki.
I do not want to simply rely on full disk encryption, as I would like to be able to move/copy the database from one machine to another without worrying about needing to encrypt it.
Two specific features that I would like are full history/revision capabilities and embedded media files (which I would want to be encrypted just like everything else).
I don't particularly care what language it's written in, but I would like it to be open source, and free as in beer. Failing free, the cheaper, the better.
It doesn't have to be able to serve a large number of users, and the less configuration to get a basic system up and running, the better.
I would want the encryption to be done in a standard strong manner (e.g. AES) that I could decrypt manually myself, and the underlying data to be in some non-proprietary format, so that I can bypass the wiki software if I ever want or need to.
It doesn't even have to be able to be webserver-based. In fact, an OS-independent system that doesn't require a web server (such as TiddlyWiki, which is a single flat HTML file that does all its wiki stuff via built-in javascript) would be great, using the web browser to look directly at a file that's local to the machine.
Failing that, something that could run on Apache or some such would be fine. Failing that, uh, I'll take what you've got, as long as it runs on either Windows or something like some sort of Linux or FreeBSD. Not Mac.
Thanks in advance.
The easiest way would be to take any existing off-the-shelf wiki software (e.g. MediaWiki) that supports using an RDBMS like MySQL or PostgreSQL as the back-end, and then storing the data files for that RDBMS on a TrueCrypt virtual disk.
This virtual disk is basically just another file on the filesystem, but when plugged into TrueCrypt, it maps to a drive on the system and any reads/writes to that "drive" are transparently encrypted/decrypted.
posted by zain at 10:56 PM on January 11, 2010
This virtual disk is basically just another file on the filesystem, but when plugged into TrueCrypt, it maps to a drive on the system and any reads/writes to that "drive" are transparently encrypted/decrypted.
posted by zain at 10:56 PM on January 11, 2010
If you want a local disk wiki, encrypt at the disk level with TrueCrypt (Windows) or LUKS (Linux).
If you want to encrypt a wiki on a remote server, without giving that remote server the key to decrypt the content (i.e. you want to do things properly), then you will need a layer between the browser and the server. That layer could be a javascript app, but this doesn't to my knowledge exist yet.
posted by devnull at 12:40 AM on January 12, 2010
If you want to encrypt a wiki on a remote server, without giving that remote server the key to decrypt the content (i.e. you want to do things properly), then you will need a layer between the browser and the server. That layer could be a javascript app, but this doesn't to my knowledge exist yet.
posted by devnull at 12:40 AM on January 12, 2010
Don't forget to encrypt the swap space of any server it will be running on. Otherwise your data will come up clear in the swap and you will fail the point of encryption.
posted by knz at 2:03 AM on January 12, 2010
posted by knz at 2:03 AM on January 12, 2010
You could set up an off-the-shelf wiki that can use SQLite as its DB, and use the SQLite Encryption Extension.
posted by zsazsa at 9:05 AM on January 12, 2010
posted by zsazsa at 9:05 AM on January 12, 2010
I just stumbled upon this guide to encryption and tiddlywiki.
posted by jjb at 8:57 PM on January 12, 2010
posted by jjb at 8:57 PM on January 12, 2010
This thread is closed to new comments.
posted by jjb at 10:39 PM on January 11, 2010