Encryption Data Manager
Please install Encryption Data Manager extension.
It is important for eCommerce site to maintain up to date security for data provided buy customers. This is required buy customers, industry and PCI standards.
By enabling AbanteCart data encryption you can secure your customers data from access. Information, such as customer addresses, emails, phone numbers, credit cards, etc. will be encrypted and not readable. Encryption key can be stored securely and prevent access to this data in event of hacking or database attack.
Requirements: PHP => 5.3 and openSSL enabled
(Contact your server admin or hosting company)
Do not confuse SSL data encryption with signed SSL certificates (HTTPS) used for browser access to sites
Backup your code and database before you start!
For security keep backup of unencrypted data out of your server!
ConfigurationAdd key storage location path.
Add below lines to /system/config.php file.
Change path to your specific path on your server and it has to be writable/readable only to web-server
If ENCRYPTION_KEYS_DIR is not provided, default path will be used in /system/keys/ . Important to keep these keys secure!
Generate New Keyin Encryption Data Tools generate new key with some unique key name provided (no spaces or special characters).
Important to use only 1 key at the time and add below line to /system/config.php file with key name that will be default
This is the key name that will be used for read/write at one given time.
Encrypt all data
Require login nameCustomer emails are encrypted now. To prevent login issues and duplicate accounts, set "Require login name" setting to ON.
Setting is located in Settings > Checkout section
Existing customers will be asked to create unique login name at next time they login to the account
All customers data is secured now! Start testing!
1. Keep Key in secure location with restricted file permissions for root and Apache (webserver)
2. Backup your keys in some remote secure location. Lost keys will cause loss of all data
3. There is no key expiration management.
4. Search or look up by encrypted user data will not work (search by address, phone number, etc. will not work)
5. Once data in encrypted there is NO undo and extension can not be disabled.
These needs to be accounted for in key management procedures
Rotate (change) encryption keyGenerate new key pair
- Set new key as default key into configuration file
- Go to Encryption Usage Tab select new key in Rotate column and click on Encrypt Data button