# WP Recognyze Objects

A WordPress plugin that integrates with the Recognyze API to sign and manage your WordPress content with enterprise-grade security features.

## Description

WP Recognyze Objects allows you to add digital signatures to your WordPress content, enabling you to gain rewards from content aggregators. The plugin adds a "Recognyze Signature" meta box to your post editor and provides tools for managing signed content across your site. Stored API keys are automatically encrypted with AES-256-GCM.

## Features

- **Content Signing**: Sign your posts, pages, and other content types with unique digital signatures
- **Signature Management**: Track, update, and remove signatures as needed
- **Dashboard Widget**: Quick overview of all signed content directly on your WordPress dashboard
- **Signature Report**: Comprehensive report of all signatures with export capabilities
- **Meta Box Integration**: Easily sign content while editing with the integrated meta box
- **Admin Column**: View signature status directly in your content lists
- **Public Verification**: Generate a recognyze.txt file for public verification
- **Customizable Settings**: Configure API endpoints, authentication, and eligible post types
- **🔒 Encrypted Credential Storage**: API keys are automatically encrypted using AES-256-GCM
- **🔐 Credential Masking**: Sensitive data is partially masked in the admin interface for security
- **🛡️ Security Indicators**: Visual indicators show encryption status and security compliance
- **⚡ OpenSSL Integration**: Leverages OpenSSL for robust encryption capabilities

## Installation

1. Upload the `recognyze-client` folder to the `/wp-content/plugins/` directory
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Navigate to "Recognyze Objects > Settings" to configure the plugin
4. Ensure the OpenSSL PHP extension is available (the plugin will notify you if it's missing)

## Configuration

### Security & Encryption

The plugin automatically encrypts all sensitive credentials using AES-256-GCM encryption. You'll see:
- 🔒 **Green lock icons** for encrypted credentials
- 🔓 **Orange unlock icons** for plain text (legacy) credentials
- **Automatic migration** from plain text to encrypted storage
- **Partial masking** of credentials in the admin interface (e.g., `sk-proj****************abcd` for API keys)

### API Setup

1. **API Endpoint**: Enter your Recognyze API endpoint URL
2. **Authentication**:
   - **Get API Key**: Use Basic Authentication credentials (username/password) to obtain an API key. These credentials are only used temporarily and are never stored.
   - **API Key**: Enter your API key (automatically encrypted and stored)
3. **API Timeout**: Set request timeout value (default: 30 seconds)
4. **Test Connection**: Verify your API configuration works correctly

### Content Types

Select which post types to enable for signing:
- Posts
- Pages
- Attachments
- Custom post types (if available)

### Security Features

- **Encryption Status**: View encryption status of stored credentials
- **OpenSSL Check**: Automatic verification of OpenSSL availability
- **Credential Masking**: Toggle between masked and full credential display
- **Secure Storage**: All sensitive data encrypted at rest

## Usage

### Signing Content

- **From Editor**: Use the "Recognyze Signature" meta box when editing content
- **From Dashboard**: Navigate to "Recognyze Objects > Dashboard" to manage multiple pieces of content

### Managing Signatures

- **Update**: Update signatures when content changes
- **Unsign**: Remove signatures when no longer needed
- **View Reports**: See all signatures in the "Signatures" tab

### Credential Management

- **Viewing**: Credentials are partially masked by default (first 7 + last 4 characters)
- **Editing**: Click the eye icon to toggle between masked and full view
- **Security**: All changes are automatically encrypted before storage
- **Migration**: Existing plain text credentials are automatically encrypted on first save

### Metadata

The plugin adds metadata to the HTML head of signed content:

```html
<meta name="recognyze" identifier="unique-id" name="example" price="price" version="12.10" />
```

### Signature Export

Generate and download a recognyze.txt file from the Signatures page for external verification.

## Requirements

- WordPress 5.0 or higher
- PHP 7.0 or higher
- **OpenSSL PHP extension** (required for encryption features)
- Valid Recognyze API endpoint with proper credentials

## Security Architecture

### Encryption Details

- **Algorithm**: AES-256-GCM (Galois/Counter Mode)
- **Key Derivation**: WordPress security keys combined with plugin-specific salt
- **Initialization Vector**: Randomly generated for each encryption operation
- **Authentication**: Built-in authentication tag prevents tampering
- **Storage**: Encrypted data stored in WordPress options table

### Encrypted Fields

- API Keys (complete encryption)

**Note:** Basic Authentication credentials are only used temporarily when obtaining an API key via the "Get API Key" feature. These credentials are never stored in the database.

### Backward Compatibility

- Existing plain text credentials continue to work
- Automatic migration to encrypted storage on first save
- Visual indicators show encryption status
- No data loss during migration
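
The scheme described under "Encryption Details" and "Backward Compatibility", as an added example that is not the plugin's own code. The function names, the `enc:v1:` storage prefix, the HMAC-SHA256 key derivation, the IV/tag/ciphertext layout and all sample values are assumptions made for illustration; the `$tag` argument of `openssl_encrypt()` needs PHP 7.1 or later.

```php
<?php
// Added illustration, not the plugin's code. All names and values are hypothetical.
const DEMO_PREFIX = 'enc:v1:';               // marks encrypted values vs. legacy plain text
const DEMO_PLUGIN_SALT = 'demo-plugin-salt'; // constructed plugin-specific salt

// Derive a 32-byte AES-256 key from a site secret plus the plugin salt.
function demo_derive_key(string $site_secret): string {
    return hash_hmac('sha256', DEMO_PLUGIN_SALT, $site_secret, true);
}

function demo_encrypt(string $plain, string $key): string {
    $iv  = random_bytes(12);                 // fresh 96-bit IV for every operation
    $tag = '';
    $ct  = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return DEMO_PREFIX . base64_encode($iv . $tag . $ct);
}

// Returns the plain text, the value unchanged if it is legacy plain text,
// or null if the stored blob is malformed or its authentication tag fails.
function demo_decrypt(string $stored, string $key): ?string {
    if (strncmp($stored, DEMO_PREFIX, strlen(DEMO_PREFIX)) !== 0) {
        return $stored;                      // legacy value: encrypt it on the next save
    }
    $raw = base64_decode(substr($stored, strlen(DEMO_PREFIX)), true);
    if ($raw === false || strlen($raw) < 29) {
        return null;                         // needs IV (12) + tag (16) + ciphertext
    }
    $iv  = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct  = substr($raw, 28);
    $pt  = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return $pt === false ? null : $pt;
}

$key    = demo_derive_key('constructed-site-secret');
$stored = demo_encrypt('sk-proj-constructed-example-abcd', $key);
var_dump(demo_decrypt($stored, $key) === 'sk-proj-constructed-example-abcd'); // round trip
var_dump(demo_decrypt('legacy-plain-key', $key) === 'legacy-plain-key');      // legacy value
// Flip one bit of the stored ciphertext: the GCM tag check must reject it.
$raw = base64_decode(substr($stored, strlen(DEMO_PREFIX)));
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 1);
var_dump(demo_decrypt(DEMO_PREFIX . base64_encode($raw), $key) === null);
```

Because the key is derived from a site secret, rotating that secret makes previously stored values undecryptable; in this sketch they would come back as `null` and the API key would have to be entered again.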

## Shortcodes and Blocks

- Use `[wprc_http_post]` shortcode to add a signature form to any post or page
- Gutenberg block available for the same functionality

## Security Notes

- All sensitive credentials are encrypted automatically
- Credentials are masked in the admin interface by default
- OpenSSL extension is required for security features
- Backup your site before major updates
- Test API connections after configuration changes

