[liberationtech] pgp message encryption and decrypion using just a browser
David Dahl
david at ddahl.com
Tue Feb 8 15:48:52 PST 2011
I have been wanting to follow up on this thread, which means writing
some code.:)
I have distilled the 3 methods needed to construct any kind of
PGP-like web application. My new extension, DOMCrypt, attaches a
'crypt' property to each web page giving Javascript developers
crypt.generateKeyPair(), crypt.encrypt() and crypt.decrypt().
All of the underlying crypto code is handled by NSS - the same library
used for the SSL/HTTPS. This is not a 'native JS' solution. It is fast
C code under the hood.
See http://mozilla.ddahl.com/domcrypt/demo.html for a demo, the code
is here: https://github.com/daviddahl/domcrypt
Regards,
David
On Sun, Sep 26, 2010 at 6:21 AM, David Dahl <david at ddahl.com> wrote:
> I have been experimenting with the JavaScript API for PKI that is
> provided by Firefox Sync. The underlying bits are implemented in C++
> (NSS), so it is pretty fast. I am slowly building up a toolkit for
> messaging in a pseudo-anonymous fashion called "Droplettr" and am
> looking for contributors. The entire thing is open source and is
> designed to be used like a protocol instead of a walled garden.
>
> Repo: http://bitbucket.org/daviddahl/droplettr/
>
> Site: https://droplettr.com/
>
> Things are in a state of brokenness at the moment, as this is a side
> research project of mine.
>
> Regards,
>
> David
>
> On Sat, Sep 25, 2010 at 12:00 AM, Danny O'Brien <DObrien at cpj.org> wrote:
>> This really isn't what you want Frank (at all!), but its bizarreness plus tangential connection to your question was too good to miss:
>>
>> http://www.links.org/?p=993
>>
>> It's TLS (including client-side certificates), re-implemented in in-browser Javascript. Ben's point is that such an implementation allows greater experimentation with security UI, which I think everyone agrees is the current Hard Problem.
>>
>> d.
>>
>> On Sep 23, 2010, at 11:08 PM, Frank Corrigan wrote:
>>
>>> For some time I have been investigating the availability of web pages
>>> that provide easy to use password creation and message encryption
>>> functions, which only depend upon web browsers inbuilt javascript
>>> capabilities and can therefore be downloaded and used off line. And
>>> works across all common OSs and browsers.
>>>
>>> Examples are
>>> https://www.pwdhash.com
>>> as one of many options for password creation
>>>
>>> and http://www.hanewin.net/encrypt/PGcrypt.htm
>>> to encrypt messages using a recipients pgp Public key.
>>>
>>> The help I am requesting is whether anyone knows of an online resource,
>>> that meets the above criteria, that can not only encrypt text using a
>>> pgp Public key but also has a facility to decrypt a pgp message with the
>>> recipients Private key?
>>>
>>> I am aware of FireGPG:
>>> http://getfiregpg.org/s/home
>>>
>>> which is excellent, though sadly now discontinued, but it is tied to
>>> Fire Fox through an add-on and it's functions are dependent upon a local
>>> install of GPG.
>>>
>>> Thanks
>>> Frank
>>> _______________________________________________
>>> liberationtech mailing list
>>> liberationtech at lists.stanford.edu
>>>
>>> Should you need to change your subscription options, please go to:
>>>
>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>> _______________________________________________
>> liberationtech mailing list
>> liberationtech at lists.stanford.edu
>>
>> Should you need to change your subscription options, please go to:
>>
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>
More information about the liberationtech
mailing list