[liberationtech] pgp message encryption and decrypion using just a browser
David Dahl
david at ddahl.com
Mon Sep 27 09:33:32 PDT 2010
On Mon, Sep 27, 2010 at 8:57 AM, Brandon Wiley <brandon at blanu.net> wrote:
>
> This is very cool. If you were to use pure Javascript crypto and
> automatically detect and upgrade to native when the extension is installed
> then this would broaden your potential user base.
>
indeed. I started with a site that used js only and was not interested
in implementing all of PKI, of course this site was unusable by
humans. The native speed of the extension is nice to have, but yeah,
upgrading gracefully would be the best solution. Supporting all
browsers is not a goal of mine, as it distracts from just getting
everything implemented - but helping to prototype a DOM crypto API is.
> I have built a similar system using pure Javascript implementations of RSA
> and AES which I can send you if you'd like. My original goal was to develop
You should put it up on github or bitbucket. I would like to see it.
> an end-to-end (browser-to-browser) encrypted fork of StatusNet (a open
> source microblogging platform). The benefit would be that the service
> couldn't leak your private information (since they do not have it in
> unencrypted form) except through an explicit attack where they try to
> intercept your private key (PR disaster). I found the problems to be with
> PKI as usual. When HTML5 client-side storage is more mature and has
> widespread adoption, this could be a suitable way to store private keys,
IndexedDB might be a good solution in the next year.
> although that of course destroys portability between computers. The other
> PKI issue is that the usual public key cryptography primitives don't work so
> well for one-to-many publication, requiring a separate encrypted message for
> each recipient. This is somewhat awkward to incorporate into an existing
> microblogging platform.
right, this is the second application I would like to work on. I was
thinking about having a shared key for each feed you are allowed to
follow, to make it simple and fast.
Cheers,
David
More information about the liberationtech
mailing list