Barry de Graaff edited this page · 7 revisions


Visual Overview


Key Generation

Things will start to get sticky when we start doing things like key generation, at least from a security standpoint. There are a /lot/ of things that can break a good cryptosystem like PGP due to some oddities of JavaScript. We need to be extremely careful when we write this code to make sure it's properly collecting entropy, as well as a few other things.

Secure key storage

Another potentially hard thing to keep secure. We should probably have a disclaimer about the fact that this is more or less a feature that's going to be nearly impossible to implement securely without hosting the JS on an SSL-secured server. It would take a semi-skilled attacker to really get through either of these, but it wouldn't be unheard of.

Signature verification

This is already mostly done by myself (fitblip). I've figured out a good way of parsing out keys and text, as well as lots of error checking and whatnot. I also have all the algorithms to verify signatures for V4 keys finished, but can eventually expand them to V3 if we decide it's needed.

As of right now, I only have SHA256 working properly, but that's just a matter of replacing my hash call with the proper one in the preferred hashing algo/enclosed hashing algo.


Since RSA is essentially already doing the encryption/decryption, this shouldn't be hard. I have all the functions to parse out all the needed values from the public/private keys as well as any signatures we have. Then it's just a matter of getting all the math portions worked out (I recommend prototyping in a more sane language like Python so we know the math is correct before just diving into JavaScript).


My code works for verification, but there are a number of places where I'd like to clean it up and make it run faster & smoother.
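Following the suggestion above to prototype the math in Python first, here is an added example (not fitblip's code or the project's) of the V4 / SHA-256 RSA verification arithmetic as laid out in RFC 4880. The toy key, `toy_sign` and the `HASHED` fixture are constructed for illustration only.

```python
import hashlib
import hmac

# DER DigestInfo prefix for SHA-256 (RFC 4880, section 5.2.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def v4_digest(data: bytes, hashed: bytes) -> bytes:
    """SHA-256 over data || hashed signature fields || V4 trailer.

    `hashed` is the signature packet from its version octet through the end
    of the hashed subpackets. `data` is the raw document for a binary (0x00)
    signature; text (0x01) signatures need CRLF line endings first.
    """
    trailer = b"\x04\xff" + len(hashed).to_bytes(4, "big")
    return hashlib.sha256(data + hashed + trailer).digest()

def emsa_pkcs1_v15(digest: bytes, k: int) -> bytes:
    """Expected k-byte block: 00 01 FF..FF 00 || DigestInfo || digest."""
    t = SHA256_PREFIX + digest
    if k < len(t) + 11:
        raise ValueError("modulus too short for SHA-256 DigestInfo")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rsa_verify(n: int, e: int, sig: int, digest: bytes) -> bool:
    """True if sig^e mod n equals the full expected padded block."""
    if not 0 < sig < n:
        return False
    k = (n.bit_length() + 7) // 8
    em = pow(sig, e, n).to_bytes(k, "big")
    # Rebuild and compare the whole block instead of parsing the padding,
    # so malformed padding can never be accepted.
    return hmac.compare_digest(em, emsa_pkcs1_v15(digest, k))

# --- Constructed test fixture: toy key from two Mersenne primes, NOT secure ---
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def toy_sign(digest: bytes) -> int:
    k = (N.bit_length() + 7) // 8
    return pow(int.from_bytes(emsa_pkcs1_v15(digest, k), "big"), D, N)

# Hashed fields: v4, binary sig, RSA (1), SHA-256 (8), 6 bytes of subpackets
# holding one creation-time subpacket (length 5, type 2, constructed time).
HASHED = bytes([4, 0x00, 1, 8, 0, 6, 5, 2]) + (1356000000).to_bytes(4, "big")

if __name__ == "__main__":
    d = v4_digest(b"constructed message\n", HASHED)
    print(rsa_verify(N, E, toy_sign(d), d))        # genuine signature
    print(rsa_verify(N, E, toy_sign(d), d[::-1]))  # digest does not match
```

Once the JavaScript port produces the same digest and padded block for the same inputs, the math can be considered checked against this prototype.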

Other JavaScript OpenPGP Implementation

Other OpenSource OpenPGP Implementation

Other Related Projects

  • cr-gpg: A Chrome plugin that enables GPG encryption and decryption for the Gmail web interface
  • firebreath: FireBreath aims to be a cross-platform plugin architecture, targeting browsers that support NPAPI and Internet Explorer on Windows, Mac and Linux.
  • domcrypt: fast, native Public Key Encryption exposed to JavaScript/DOMWindows for Firefox
  • FireGPG: FireGPG is a Firefox extension that provides an integrated interface to apply GnuPG operations to the text of any web page, including encryption, decryption, signing, and signature verification.
  • CryptoStick: A secure USB private key storage.
