OpenPGP implemented in JS.

15 views
Skip to first unread message

HansWobbe

unread,
Nov 23, 2011, 8:58:23 AM11/23/11
to tiddl...@googlegroups.com
I believe this will be of interest to some of the folk here.
http://developers.slashdot.org/story/11/11/22/0422223/openpgp-implemented-in-javascript

PMario

unread,
Nov 23, 2011, 11:14:32 AM11/23/11
to TiddlyWiki
Hello Hans,
Thx for the link.

I'm quite interested in js encryption but at the moment, it seems, all
the stuff available, doesn't add security to browser based encryption
stuff.

As the "Introduction" below [1] states, it is at prototype state. I
marked the text ( see ->>...<<- below) that makes me courious.

-m

=[1]== quote from Developer Documentation (PDF) ====
! Introduction
The OpenPGP JavaScript implementation can be used to make OpenPGP
available to Web-based Mail-applications. Especially in environments
where code execution or programs on the operating system level cannot
be executed this implementation can be used.

The implementation currently implements a Chrome Browser Extension
which uses the HTML5 local storage of the extension to store private
and public certificates (keys). Chrome Browser Extensions enabling
JavaScript applications to run in their own context separated from the
Web-site. This is a basic security feature this implementation uses. -
>> Since memory-wipe of private data and validation of a secure
execution environment cannot be achieved in JavaScript this
implementation should not be used in environments where the
confidentiality and integrity of the transmitted data is important.
<<-

The implementation is in a prototype state.
======

[1] http://gpg4browsers.recurity.com/GPG4Browsers-Developer_Documentation.pdf

HansWobbe

unread,
Nov 24, 2011, 4:30:39 PM11/24/11
to tiddl...@googlegroups.com
Mario:

You are very welcome, indeed.

Like you, I have some reservations about using this library at this early time in uits development, but I am optimistic that this might evolve in a direction that will be usefuo for at least the next few years.  If so, then I will likely base some of our development on it since it is increasing apparent that we will be using structured eMails as an inter-process communications mechanism.

Cheers,
Hans
Reply all
Reply to author
Forward
0 new messages