[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Ideas to securely implement PGP encryption/decryption

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Ideas to securely implement PGP encryption/decryption
From: tor@xxxxxxxxxxxxxxxxxx
Date: Fri, 14 Oct 2011 10:28:11 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 14 Oct 2011 05:28:37 -0400
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.grepular.com; s=dkim1; h=Content-Type:In-Reply-To:References:Subject:To:MIME-Version:From:Date:Message-ID; bh=LhRNNTKC7YfiEx3Ci4Bns+v3uKhUcQM81J8PBY2noVw=; b=XcvapBEBGzkcbz5rJSmr2iz+ShxguLh00f+NcqTINfmN7ow5h4HIYv3+QC15dH4R+2G9D36lNQVr77ew1gFO5PZMyC/3HJYPfNmiKJjmMszbIXsSa9Bbz8Kg84awVLl/SKSAiGrjT+a8rX++90yUAWf7t/rJ9sJrz0BYadmc4l0=;
In-reply-to: <1318541624.26077.15.camel@ubuntu>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Openpgp: url=https://grepular.com/0018461F.pub.asc
References: <4E9355A6.8030505@xxxxxxxxxxxxxxx> <4E936FFF.1080507@xxxxxxxxxxxxxx> <20111011020719.GF19690@xxxxxxxxxx> <4E9421AD.6040008@xxxxxxxxxxxxxx> <20111011203726.GH19690@xxxxxxxxxx> <1318541624.26077.15.camel@ubuntu>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:7.0) Gecko/20110923 Thunderbird/7.0

I'm jumping into this thread late, and am not replying to a specific
email, I just wanted to add an idea I had a while ago.

1.) First of all, add some basic functions:

Select some encrypted/signed text, right click, select decrypt/verify.
See the results in a XUL window.

Right click a textarea, select "Enter encrypted text", a XUL window pops
up asking for the plain text. You enter that, and the encrypted text is
inserted into the textarea.

Select some text in a textarea, click sign, and see the text replaced by
the signed version.

2.) Make the following functions available to javascript:

window.gnupg.encrypt( callback )
window.gnupg.decrypt( data, callback )
window.gnupg.sign( data, callback )
window.gnupg.verify( data, callback )
window.gnupg.add_public_key( key, callback )

Others?

Whenever one of those operations could cause a privacy leak, such as the
site being able to automatically determine your key id, or determine
whether or not you have a particular public key in your ring, use a XUL
window to ask the user to authorise the request. Any decrypted data
should go into a separate XUL window.

Then, people who write applications like webmail clients can do stuff
like this:

if( "gnupg" in window ){
	thetextarea.onfocus = function(){
		window.gnupg.encrypt( function( ciphertext ){
			thetextarea.value = ciphertext;
		} );
	};
}

Which would mean that if somebody has the addon installed, and clicks
the textarea, window.gnupg.encrypt() would be called, which would spawn
the XUL window where they enter the plain text. Once the user has
entered the plain text, and hit "Save" or whatever, the callback
function would be called with the ciphertext as an argument.

The vast majority of sites, eg GMail wont implement something like this
(at least not at first), but we can do it ourselves by writing
greasemonkey (or similar) plugins.

If it is designed well enough, it could even become a standard one day
and be built directly into browsers.

-- 
Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Ideas to securely implement PGP encryption/decryption
  - From: tor

References:
- [tor-talk] Ideas to securely implement PGP encryption/decryption
  - From: Fabio Pietrosanti (naif)
- Re: [tor-talk] Ideas to securely implement PGP encryption/decryption
  - From: Moritz Bartl
- Re: [tor-talk] Ideas to securely implement PGP encryption/decryption
  - From: Mike Perry
- Re: [tor-talk] Ideas to securely implement PGP encryption/decryption
  - From: Moritz Bartl
- Re: [tor-talk] Ideas to securely implement PGP encryption/decryption
  - From: Mike Perry
- Re: [tor-talk] Ideas to securely implement PGP encryption/decryption
  - From: katmagic

Prev by Author: Re: [tor-talk] Securing servers
Next by Author: Re: [tor-talk] Ideas to securely implement PGP encryption/decryption
Previous by thread: Re: [tor-talk] Ideas to securely implement PGP encryption/decryption
Next by thread: Re: [tor-talk] Ideas to securely implement PGP encryption/decryption
Index(es):
- Author
- Thread