[liberationtech] pgp message encryption and decrypion using just a browser

Frank Corrigan email at franciscorrigan.com
Thu Sep 30 06:24:04 PDT 2010 

Below are details of the discussion I have been having with Herbert
Hanewinkel <mail at hanewin.de> the developer of
http://www.hanewin.net/encrypt/PGcrypt.htm and hope sharing will shed
some light on the issues being raised.

Frank

In reverse chronology:

Hello,

At 07:51 28.09.2010, you wrote:
>I am doing some research into providing pgp text decryption, for use by
>the likes of ngo's, human rights orgs and at risk bloggers, I have found
>your pgp message encryption page
>http://www.hanewin.net/encrypt/PGcrypt.htm an excellent resource and
>wanted to ask whether you know of anything similar that can also allow
>the recipient to Decrypt a pgp encrypted text message, with their
>Private key, in much the same way you implement the encryption.

Because PGP uses CFB mode, encrypting the encrypted message using the
same
session key decrypts the message.

Decrypting the session key using the private key causes the problem.
You can export the private key from GPG in a file and paste it later
in a web form for decryption.

It's a security risk to store the unprotected private key in a file.
It's a security risk to paste the private key in a web form.

How to solve it?

Regards,



At 08:27 29.09.2010, you wrote:
>With your encryption web page I am able to save/download the full web
>page including the dependent Javascript, this allows me to use it
>off-line. Maybe a similar decryption facility could be arranged by
>placing the html decryption page and the dependent Javascript in a .zip
>file, extracting it locally to ensure it could only be used off line?
>But crucially the .zip file would always be accessible online
>accompanied by an MD5 file for integrity checking.

I looked at decryption:

The problem is decrypting the session with the private key,
extracting d, p, q, u of an RSA key from the PGP secret key packet.
DSA/Elgamal has other parameters.

I found that an exported secrete key from GPG is symmetrically encrypted
by
the choosen password using CAST5 algorithm with a MD5 or
SHA-1 checksum. All PGP define symmectric algorithms are allowed here.

That's great because there is no big security risk in exporting the 
secrete key to
a file. On the other side it means CAST5 and perhaps also other 
algorithms (IDEA,...)
have to be implemented in javascript first.

Regards,

Herbert Hanewinkel 

At 17:35 29.09.2010, you wrote:
>I don't know if I am correct but would a form still require the Private
>key's password/phrase to be entered for it to Decryt, if so then even if
>the secret Private key was lost the Password/Phrase would still be
>needed?

the OpenPGP RFC offers both, exporting in plain text or encrypted by 
a password.
For encrypting the secret key all specified symmetrically encryption 
algorithms are allowed.

Analyzing the exported secrete key packet from GPG the secrete key is
exported password protected using CAST5 algorithm for encryption.
What other programs use, I don't know. It's therefore not garanteed 
that the key
is password protected in a PGP secrete key packet.

Regards,

Herbert Hanewinkel 



At 10:33 30.09.2010, you wrote:

>Thanks again, would it be ok for me to post our discussion on the closed
>https://mailman.stanford.edu/mailman/listinfo/liberationtech listserve?

no problem.

because more and more people are asking for decryption:

I added links to a PGdecode.htm form and a PGdeocde.js javascript on 
my encryption page.

I use PGdecode to analyze PGP key and message blocks.
The javascript can handle only a small subset of all possible PGP 
packet formats.
It could be used as a starting point for decryption.
What's completly missing is the decryption of a secrete key.

Regards,

Herbert Hanewinkel 

-----

Wed, 29 Sep 2010 16:35 (21 hours 41 mins ago)

Thanks for this, I think I grasp what you are saying and I do think it
might be handy if a highly portable way of Decrypting of a pgp message
could be made available and was similar to your online Encryption
facility. 

I don't know if I am correct but would a form still require the Private
key's password/phrase to be entered for it to Decryt, if so then even if
the secret Private key was lost the Password/Phrase would still be
needed?

Maybe, like FireGPG your Encryption facility could be added to a
Decryption facility viaa an add-on and this could ensure that it works
without any need to be online and you could offer a web page version for
those who can't use FireFox.

Frank


Date: Wed, 29 Sep 2010 07:27:47 +0100
Subject: Re: Fwd: pgp message encryption and decrypion using just a 
browser

Thanks for your feedback Herbert,

With your encryption web page I am able to save/download the full web
page including the dependent Javascript, this allows me to use it
off-line. Maybe a similar decryption facility could be arranged by
placing the html decryption page and the dependent Javascript in a .zip
file, extracting it locally to ensure it could only be used off line?
But crucially the .zip file would always be accessible online
accompanied by an MD5 file for integrity checking.

The zip file could also provide the user with details on how to protect
the Private key file and what risks are involved, the user could use a
Live CD to carry out the decryption in, this should ensure no trace of
the Private key will be left behind once the computer is rebooted. But
in essence the user would take responsibility for their Private key. I
would see the threat model being one of potential interception of a
plain text message once it is sent and not whether the sender or
recipients computer could be compromised. Though future access to a
Private key and password/phrase could enable access to past messages,
but such a compromise would not be based on the method of de/encryption.

Maybe if the Private Incognito browser function could be improved then
this may mitigate against loss of Private key data. My own thinking is
mostly based on using a Live CD.

Frank

    Tue, 28 Sep 2010 6:51 (2 days 7 hours ago)
Dear Dr. Herbert Hanewinkel,

I am doing some research into providing pgp text decryption, for use by
the likes of ngo's, human rights orgs and at risk bloggers, I have found
your pgp message encryption page
http://www.hanewin.net/encrypt/PGcrypt.htm an excellent resource and
wanted to ask whether you know of anything similar that can also allow
the recipient to Decrypt a pgp encrypted text message, with their
Private key, in much the same way you implement the encryption.

I have also posed questions about such resources via
http://mailman.stanford.edu/mailman/listinfo/liberationtech - see email
below.

Yours faithfully
Francis Corrigan




----- Original message -----
From: "Danny O'Brien" <DObrien at cpj.org>
To: "Frank Corrigan" <email at franciscorrigan.com>
Cc: "liberationtech at lists.stanford.edu"
<liberationtech at lists.stanford.edu>
Date: Sat, 25 Sep 2010 03:00:13 -0400
Subject: Re: [liberationtech] pgp message encryption and decrypion using
just a browser

This really isn't what you want Frank (at all!), but its bizarreness
plus tangential connection to your question was too good to miss:

http://www.links.org/?p=993

More information about the liberationtech mailing list