[tor-talk] Ideas to securely implement PGP encryption/decryption
Fabio Pietrosanti (naif)
lists at infosecurity.ch
Mon Oct 10 20:29:26 UTC 2011
Hi all,
I understand all the doubts from Mike and Ransom about the possible
exposure of user's security through the exposure of functionality that
can be "called by a remote web-application".
This is an idea to mitigate most possible security issues:
* Put the encryption functionality into the hands of user actions
* Provide minimal interaction between Javascript/XUL functionalities
Basically a user would like to encrypt/decrypt/sign:
- text form
- file uploaded/downloaded
Those kinds of actions could be implemented as explicit actions that the
user has to take.
* Text form Encryption
  - Right click on web/text form -> Encrypt/Decrypt
* File Encryption
  - Upload Box can provide an option (in the file browsing window) to Encrypt
  - Download Box can detect if it's encrypted, and provide an option to
    Decrypt (in the file download box)
This would work without any server-side
invocation/manipulation/whatsoever through client-side code that could
expose vulnerabilities.
That way there will be a "user firewall" between the encryption
functionality and the possible active content coming from the server,
mitigating the risks of possible XUL/XSS and other attacks coming from
active-javascript calling XUL.
Also Key Management functionality could stay off protected by making a
proper section (XUL) under Firefox options/menu that the user can use.
No code coming from the web would be allowed to interact with the
plug-in but the end-user will still have all the encryption features
under his power, usable in a modern web-based world.
What do you think?
-naif