oat-sa / extension-tao-encryption
Tao Encryption
Maintainers
Package info
github.com/oat-sa/extension-tao-encryption
Type:tao-extension
pkg:composer/oat-sa/extension-tao-encryption
Requires
- php: >=5.5
- oat-sa/extension-tao-delivery: >=15.0.0
- oat-sa/extension-tao-delivery-rdf: >=14.0.0
- oat-sa/extension-tao-lti: >=12.0.0
- oat-sa/extension-tao-oauth: >=6.0.0
- oat-sa/extension-tao-outcome: >=13.0.0
- oat-sa/extension-tao-proctoring: >=20.0.0
- oat-sa/extension-tao-publishing: >=6.0.0
- oat-sa/extension-tao-sync: >=8.0.0
- oat-sa/extension-tao-testcenter: >=10.0.0
- oat-sa/extension-tao-testqti: >=41.0.0
- oat-sa/extension-tao-testtaker: >=8.0.0
- oat-sa/generis: >=14.0.0
- oat-sa/tao-core: >=47.0.0
- phpseclib/phpseclib: ~2.0.0
This package is auto-updated.
Last update: 2026-05-23 15:03:48 UTC
README
This article describes the functioning of tao encryption, focusing of encryption of sensitive data information on a database level.
Installation
You can add the Tao Encryption as a standard TAO extension to your current TAO instance.
$ composer require oat-sa/extension-tao-encryption
Encrypted services supported
1. Results Encryption
Encrypt
$ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupAsymmetricKeys' generate
Note:
This command will generate two keys (public and private) and save them on the filesystem.
Note:
On Client Tao instance. You have to copy the public key.
Note:
On Server Tao instance. You need both keys
Decrypt
In order to decrypt your results use the following script by passing a delivery id.
$ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\DecryptResults' -d <delivery_id>
Or by passing the -all argument
$ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\DecryptResults' -all
Note:
This command will decrypt results and store in the delivery result storage setup.
$ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupEncryptedResultStorage'
In order to sync encrypted results the script needs to be run on the server tao instance and client as well.
$ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupEncryptedSyncResult'
2. Test State data encryption
In order to use the encrypted state test service you have to run the following command on tao client instance:
$ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupEncryptedStateStorage'
$ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupEncryptedMonitoringService'
This service it's using the symmetric algorithm in order to encrypt information.
3. User Encryption
$ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupEncryptedUser'
$ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupUserEventSubscription'
$ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupUserSynchronizer'
Note:
You should ran this command on client tao instance
4. Setup Encrypted File Systems
$ sudo -u www-data php index.php "oat\taoEncryption\scripts\tools\SetupEncryptedFileSystem" -f private -e taoEncryption/symmetricEncryptionService -k taoEncryption/symmetricFileKeyProvider
$ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupDeliveryEncrypted'
$ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupUserApplicationKey'
$ sudo -u www-data php index.php 'oat\taoEncryption\scripts\tools\SetupRdfDeliveryEncrypted'
Note:
Extra You can make TAO file systems encrypted. The following command line enables encryption for the
privatefile system, using the service registered with IDtaoEncryption/symmetricEncryptionServicefor data encryption/decryption.
sudo -u www-data php index.php "oat\taoEncryption\scripts\tools\SetupEncryptedFileSystem" -f private -e taoEncryption/symmetricEncryptionService
