From 25d3ce4ee8f411a19c3a0e69ebb5c575c16243a8 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Tue, 8 Apr 2025 08:55:44 +0300
Subject: drop SESSION-specific stuff and move encrypt/decrypt helpers to a separate class; add a command line flag to generate encryption keys
---
 classes/Config.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'classes/Config.php')
diff --git a/classes/Config.php b/classes/Config.php
index c9acad93e..e906419dc 100644
--- a/classes/Config.php
+++ b/classes/Config.php
@@ -192,8 +192,8 @@ class Config {
 /** disables login form controls except HOOK_LOGINFORM_ADDITIONAL_BUTTONS (for SSO providers), also prevents logging in through auth_internal */
 const DISABLE_LOGIN_FORM = "DISABLE_LOGIN_FORM";
- /** optional key to transparently encrypt stored session data using Sodium library (XChaCha20-Poly1305) - generate using bin2hex(sodium_crypto_aead_xchacha20poly1305_ietf_keygen()) */
- const SESSION_ENCRYPTION_KEY = "SESSION_ENCRYPTION_KEY";
+ /** optional key to transparently encrypt sensitive data (currently limited to sessions); key is a 32 byte hex string may be generated using update.php --gen-encryption-key */
+ const ENCRYPTION_KEY = "ENCRYPTION_KEY";
 /** default values for all global configuration options */
 private const _DEFAULTS = [
@@ -253,7 +253,7 @@ class Config {
 Config::T_STRING ],
 Config::HTTP_429_THROTTLE_INTERVAL => [ 3600, Config::T_INT ],
 Config::DISABLE_LOGIN_FORM => [ "", Config::T_BOOL ],
- Config::SESSION_ENCRYPTION_KEY => [ "", Config::T_STRING ]
+ Config::ENCRYPTION_KEY => [ "", Config::T_STRING ]
 ];
 private static ?Config $instance = null;
-- cgit v1.2.3-54-g00ecf
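Review bot: The new doc comment on `ENCRYPTION_KEY` is ambiguous about the key size, because "a 32 byte hex string" can be read as 32 hex characters (16 bytes of key material). The keygen call named in the removed comment yields a 32-byte key, which is 64 hex characters once hex-encoded. I would reword the tail of the comment to `key is 32 random bytes written as 64 hex characters; generate it with update.php --gen-encryption-key`. The comment also no longer names the cipher; if it is still XChaCha20-Poly1305 (the consuming class is outside this diff), keeping that in the comment tells operators what protection the option provides.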
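Review bot: Replacing the `Config::SESSION_ENCRYPTION_KEY` entry in `_DEFAULTS` with no fallback means an install that still sets only the old option will presumably resolve `Config::ENCRYPTION_KEY` to its default `""` after upgrading. Since the option is described as optional, an empty value most likely means session data is stored unencrypted again, without any notice to the operator; the code that reads the key is not part of this diff, so this needs confirming there. I would either honour the old name as a fallback for a release, or log a warning at startup when the old name is set and the new one is empty. The same rename is made at the constant declaration in the first hunk, and the `_DEFAULTS` array begins outside this hunk.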