Server-side encryption
Server-side encryption provides an additional layer of data protection. All data is encrypted on the server before writing to the database, regardless of client-side encryption status.
Overview
Purpose
| Scenario | Protection |
|---|---|
| Database leak | Data encrypted with server key |
| Backups | Backups contain only ciphertext |
| Physical server access | Data unreadable without key |
| CSE disabled | Server encryption always works |
How it works
Data from client
↓
[Server encryption AES-256-CFB]
↓
Database (ciphertext)
Encryption algorithm
Parameters
| Parameter | Value |
|---|---|
| Algorithm | AES-256-CFB |
| Key length | 256 bits |
| Mode | CFB (Cipher Feedback) |
| IV | 128 bits, random per encryption |
| Library | OpenSSL (via PHP) |
CFB mode
CFB (Cipher Feedback) mode characteristics:
- Converts block cipher to stream cipher
- No padding required
- Each block depends on previous
- IV must be unique for each encryption
Encrypted data structure
[IV (128 bits)] + [Ciphertext]
IV is stored in plaintext with the ciphertext and used for decryption.
Server encryption key
Key generation
Key is generated once during system installation:
| Parameter | Value |
|---|---|
| Size | 256 bits |
| Source | Cryptographically secure generator |
| Entropy | 256 bits |
| Storage format | base64:{base64_encoded_key} |
Key storage
Key can be stored in two ways:
Method 1: In file (default)
| Parameter | Value |
|---|---|
| Default path | {PROJECT_DIR}/init/encryption_key |
| Path override | Environment variable ENCRYPTION_KEY_PATH |
| Format | base64:{base64_encoded_key} |
Method 2: In environment variable
Key can be passed directly via environment variable, bypassing file.
Access permissions setup
When storing key in file, mandatory access permission setup:
# Owner — application user (e.g., www-data)
chown www-data:www-data /path/to/encryption_key
# Read-only for owner
chmod 400 /path/to/encryption_key
If your organization has strict security policies or regulatory requirements for cryptographic key storage (HSM, external secret stores, certified solutions), contact Passwork technical support to discuss integration options.
Key integrity verification
Key integrity is verified on application startup:
- Load key from file
- Compute SHA-512 hash of key
- Compare with stored hash in database
- On mismatch — startup error
This prevents using incorrect key and data corruption.
What is encrypted on server
Server key encrypts the following data:
- Record data (passwords, custom fields, attachments)
- Vault keys
- Record keys
- External link data
- LDAP integration passwords
- SMTP server passwords
Encryption is performed automatically before database save, decryption — on read.
Configuration
Environment variables
| Variable | Description | Default value |
|---|---|---|
ENCRYPTION_KEY_PATH | Key file path | %init_dir%/encryption_key |
ENCRYPTION_CIPHER | Encryption algorithm | AES-256-CFB |
Cipher configuration
Supported algorithms
The system supports any encryption algorithm available in OpenSSL on the server. This allows choosing an algorithm according to your organization's or regulatory requirements.
Supported algorithm examples:
| Type | Algorithms |
|---|---|
| AES (256 bit) | AES-256-CFB (default), AES-256-GCM, AES-256-CBC, AES-256-CTR |
| AES (128 bit) | AES-128-GCM, AES-128-CBC, AES-128-CTR |
| ChaCha20 | ChaCha20-Poly1305 |
| National standards | Camellia, ARIA, GOST (if supported by OpenSSL) |
Full list of available algorithms depends on OpenSSL version installed on server.
Viewing available algorithms
To view all algorithms available on server:
php bin/console app:cipher-methods:list
Command outputs list of all supported cipher methods and their aliases from OpenSSL.
Changing algorithm
Method 1: Via configuration file
Create or edit init/config.env:
ENCRYPTION_CIPHER=AES-256-GCM
Method 2: Via environment variable
export ENCRYPTION_CIPHER="AES-256-GCM"
- Algorithm change requires re-encryption of all data (similar to key rotation)
- Create backup before changing
- Plan maintenance window for large databases
Algorithm validation
System validates algorithm correctness on first encryption. If unsupported algorithm specified, operation fails with error.
To check algorithm availability:
// Check algorithm support
in_array('AES-256-GCM', openssl_get_cipher_methods())
Interaction with client-side encryption
Two-level model
Data flow with CSE enabled:
- User enters password
- Client (browser) encrypts data with record key (AES-256-CBC) — Level 1 (CSE)
- Server receives already encrypted data
- Server encrypts with server key (OpenSSL AES-256-CFB) — Level 2 (Server-side)
- Database stores double ciphertext
With CSE disabled:
- Data arrives in plaintext
- Only server encryption applies
- Database stores one encryption level
Security guarantees
| Scenario | CSE enabled | CSE disabled |
|---|---|---|
| Database leak | Two protection levels | Server encryption |
| Server compromise | CSE protects data | ⚠️ Data accessible |
| Database administrator | Cannot read | Sees ciphertext |