[liberationtech] pgp message encryption and decrypion using just a browser

Jacob Appelbaum jacob at appelbaum.net
Wed Feb 9 01:04:32 PST 2011 

On 02/08/2011 07:17 PM, David Dahl wrote:
> Jacob:
> 
> The main threat here are the black holes we all routinely dump
> personal information into in the social web. We need an API available
> in the DOM to encrypt text and messages. This needs to happen as so
> much software development has moved to the browser - this is a logical
> evolution.
> 

I agree. It will be nice when we have OTR over say facebook or gmail
messaging that takes place in the browser.

> I have not thought about the threat from XSS and other weaknesses a
> tool like this will have to deal with -yet. I have only had time to
> implement what you see in the demo. Signatures are no problem, I just
> have not written the front end.
> 

Ok.

> The DOM-accessible API is implemented in JavaScript (calling C
> libraries via jsctypes) behind the scenes in the chrome-privileged
> scope of Firefox. JavaScript (1.8.5) in Firefox allows for frozen
> objects and properties to lock things down:
> https://developer.mozilla.org/en/JavaScript/Reference/Global_Objects/Object/freeze
> - which I plan on using to keep external scripts from changing
> properties in the API.
> 
> There is a lot of work here to identify threats - quite a large test
> suite will be required. Another issue is what interface is secure
> enough to   type the passphrase into, and where do you keep your
> private key? Again, these things need to be figured out. For one, I
> plan on creating a generic chrome-privileged prompt to type in the
> passphrase. persistent storage is another matter altogether.
> 

Phishing is going to be an issue, I bet.

> I work at Mozilla and plan on hitting up the security team for advice
> on these issues as well. I would love to see a list of potential
> weaknesses from you, if you have the spare time.

Great. Well, I'd say that it would be good to write a specification or
to write a specification. Two great targets would be OpenPGP and OTR -
both would be useful in the browser. There are a lot of implementation
gotchas that will come up. I imagine that you'll find some crypto
operations aren't constant time when they should be, you'll also find
that web pages won't be served over TLS - so you can't trust javascript
or anything based on the DOM, etc.

In any case, it's hard stuff but it's a good direction. Happy Hacking!

All the best,
Jacob

More information about the liberationtech mailing list