You can add TAO Encryption as a standard TAO extension to your current TAO instance.
$ composer require oat-sa/extension-tao-encryption
Encrypted services supported
1. Results Encryption
Set up keys on the server TAO instance
$ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupAsymmetricKeys' generate
This command will generate two keys (public and private) and save them on the filesystem.
On the client TAO instance, you have to copy the public key.
On the server TAO instance, you need both keys.
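The key placement described above can be checked with a small audit function. This is an added example, not part of the extension: the key file paths are arguments because the page does not say where the keys are written, and both the "no private key on the client" rule and the owner-only permission policy are this example's assumptions.

```bash
#!/usr/bin/env bash
# Added example: audit key placement for a TAO encryption deployment.
# Assumption: the operator supplies the key paths; they are not taken from the extension.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_keys ROLE PUBLIC_KEY PRIVATE_KEY
# ROLE is "client" or "server". Prints one line per finding and
# returns the number of findings (0 means the placement looks right).
audit_keys() {
    local role="$1" pub="$2" priv="$3" findings=0 mode
    # Both roles need the public key.
    if [ ! -f "$pub" ]; then
        echo "FINDING: public key missing at $pub"
        findings=$((findings + 1))
    fi
    case "$role" in
        client)
            # The client only encrypts. A private key here would let anyone
            # with access to the client decrypt stored results.
            if [ -e "$priv" ]; then
                echo "FINDING: private key present on client at $priv"
                findings=$((findings + 1))
            fi ;;
        server)
            if [ ! -f "$priv" ]; then
                echo "FINDING: private key missing at $priv"
                findings=$((findings + 1))
            else
                # Assumed policy: no group or other permission bits at all.
                mode=$(file_mode "$priv")
                if [ $(( 0$mode & 077 )) -ne 0 ]; then
                    echo "FINDING: private key mode $mode is accessible beyond its owner"
                    findings=$((findings + 1))
                fi
            fi ;;
        *)
            echo "usage: audit_keys client|server PUBLIC_KEY PRIVATE_KEY" >&2
            return 64 ;;
    esac
    return "$findings"
}
```

Call it as `audit_keys server <public_key_path> <private_key_path>` on the server and with `client` on each client; a non-zero exit status is the number of findings.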
Set up encryption on the TAO client instance
In order to use the encrypted results service, you have to run the following command on the client TAO instance.
$ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupEncryptedResultStorage'
You should use this on the TAO client instance.
Set up decryption on the TAO server instance
In order to decrypt your results use the following script by passing a delivery id.
$ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\DecryptResults' -d <delivery_id>
Or by passing the -all argument
$ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\DecryptResults' -all
This command will decrypt the results and store them in the delivery result storage that has been set up.
You should use this on the TAO server instance.
3. Setup Sync Encrypted Result
In order to sync encrypted results, the script needs to be run on both the server TAO instance and the client.
$ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupEncryptedSyncResult'
You should run this command on both the server and the client.
2. Test State data encryption
In order to use the encrypted state test service you have to run the following command:
$ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupEncryptedStateStorage'
This service uses a symmetric algorithm for encryption.
The key provider is a configurable option which can be changed in the config file:
You should run this command on the client TAO instance.
Encrypted File Systems
You can make TAO file systems encrypted. The following command line enables encryption of the private file system, using the service registered with ID taoEncryption/symmetricEncryptionService for data encryption/decryption.
$ sudo -u www-data php index.php "oat\taoEncryption\scripts\tools\SetupEncryptedFileSystem" -f private -e taoEncryption/symmetricEncryptionService
This script will NOT encrypt the data already stored in the file system. In other words, it is suitable for new installations only. In addition, it only works, for the time being, with local file systems.