Extension:PageEncryption

PageEncryption implements symmetric, page level encryption based on the php-encryption library. It includes a special page where to manage disposable access keys to grant external users one-time access to confidential data, and it works with WikiEditor and VisualEditor in a transparent way for the  namaspace.

Features
PageEncryption enables an encrypted namespace where allowed users (users with right   by default set to all registered users) can create/edit protected articles.

The extension works in a transparent way, first requiring to set a global password to lock a password-protected key stored on the server, and then setting a cookie with the user-key by which to encrypt/decrypt or the articles in the relevant namespace.

The password and the user-key are never stored on the server and the symmetric key can only be used in conjunction with the user-key, so there is no way for system administrators (unless the extension itself has not been hacked before you set key) to access your confidential articles/data. To learn more how it works take a look to the following: Encrypting account data with the user's login password.

PageEncryption is therefore an optimal solution when you agree with systems administrators (or the wiki is self-hosted) to take all the possible measures to protect your data, and you want to safeguard them from possible attackers.

Besides an editor-relative global symmetric key, PageEncryption also allows to set disposable access-codes to provide external visitors with a secret code or url through which to access relevant data. The secret code and url can be used only once and again they are not stored on the server. You can use it to grant a single access to the recipient of sensible data ensuring that nobody else will get access to them: of course in this case it is the editor responsibility to provide the secret key or url only through trusted channels. (currently there isn't yet an interface to enter the secret code, although this is the most secure method, because it allows to send the url of the document and the code through separate channels &dash; so please rely on the secret-url until the first stable release)

Still in the first stable release of the extension, PageEncryption is planned to feature an asymmetric mode as well, by which users registered on the wiki can access confidential articles/pages an arbitrary number of times (technically, as it is known, the extension will create a private/public key pair for registered users and then will encrypt a given page revision using their public key).

Also note that all encrypted versions of an article/page are relative to a given revision, therefore external users (or registered users with public key) will be able to access only the specific revision encrypted using the key which is then given to them, therefore as one might expect they don't grant access to future revisions of the same article/page.