[tor-talk] Ideas to securely implement PGP encryption/decryption

tor at lists.grepular.com tor at lists.grepular.com
Fri Oct 14 09:39:47 UTC 2011


On 14/10/11 10:28, tor at lists.grepular.com wrote:

> if( "gnupg" in window ){
> 	thetextarea.onfocus = function(){
> 		window.gnupg.encrypt( function( ciphertext ){
> 			thetextarea.value = ciphertext;
> 		} );
> 	};
> }

Another example:

if( "gnupg" in window ){
  if( window.gnupg.has_signed_text(thetextarea.value) ){
    add_verify_button( thetextarea );
  }
}

function add_verify_button ( thetextarea ){
  var verify_button = document.createElement('input');
  verify_button.type='submit';
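  // ...styling etc. omitted; insert the button into the DOM after the textarea
  thetextarea.parentNode.insertBefore( verify_button, thetextarea.nextSibling );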

  verify_button.onclick = function(){
    window.gnupg.verify( thetextarea.value );
  };
}

window.gnupg.verify would return immediately, but would open a XUL
window specifying whether or not the text had been signed correctly. It
would also give you the option of pulling the key down from a keyserver.

It would need to display the actual signed text as well so we know that
the text being tested is the text we think is being tested and that the
javascript hasn't just called window.gnupg.verify with some other known
good signed text.

-- 
Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
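
Added example, not part of the original post: one way the trusted side of the proposed window.gnupg.verify could recover exactly the text covered by a cleartext signature (RFC 4880 cleartext framework), so the dialog shows that text and flags anything placed outside the signed block. The function name, the return shape and the sample message are assumptions made for illustration; it does no cryptographic verification.

```javascript
// Hypothetical helper for the trusted dialog; names are assumptions, not a real API.
const BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----";
const BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----";
const END_SIG = "-----END PGP SIGNATURE-----";

// Returns { signedText, unsignedText } or null when no well-formed block is found.
function extractSignedText(input) {
  const lines = input.replace(/\r\n?/g, "\n").split("\n");
  const start = lines.indexOf(BEGIN_MSG);
  if (start === -1) return null;
  // Armor headers (e.g. "Hash: SHA256") run up to the first empty line.
  let i = start + 1;
  while (i < lines.length && lines[i].trim() !== "") i++;
  const sigStart = lines.indexOf(BEGIN_SIG, i + 1);
  const sigEnd = sigStart === -1 ? -1 : lines.indexOf(END_SIG, sigStart + 1);
  if (sigEnd === -1) return null;
  const body = [];
  for (const line of lines.slice(i + 1, sigStart)) {
    if (line.startsWith("- ")) body.push(line.slice(2)); // undo dash-escaping
    else if (line.startsWith("-")) return null;          // unescaped dash: malformed
    else body.push(line);
  }
  // Anything before the block or after the signature is not covered by it.
  const outside = [lines.slice(0, start), lines.slice(sigEnd + 1)]
    .map((part) => part.join("\n").trim())
    .filter((text) => text !== "");
  return {
    // Trailing spaces and tabs are not part of the signed data.
    signedText: body.map((l) => l.replace(/[ \t]+$/, "")).join("\n"),
    unsignedText: outside,
  };
}

// Constructed sample: a clearsigned block with unsigned text wrapped around it.
const SAMPLE = [
  "Unsigned line above the block",
  BEGIN_MSG,
  "Hash: SHA256",
  "",
  "Meeting moved to Friday.   ",
  "- -- Mike",
  BEGIN_SIG,
  "",
  "(constructed placeholder, not a real signature)",
  END_SIG,
  "Unsigned line below the block",
].join("\n");

console.log(extractSignedText(SAMPLE));
```

The dialog would display signedText as the text under test and warn when unsignedText is non-empty.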
