2key-ratchet
end-to-end
2key-ratchet | end-to-end | |
---|---|---|
1 | 8 | |
109 | 4,133 | |
5.5% | 0.0% | |
0.0 | 0.0 | |
over 1 year ago | about 1 year ago | |
TypeScript | JavaScript | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
2key-ratchet
-
How to do E2EE in the Browser correctly if even possible?
I found a Library (2key-ratchet) which claims to have implemented the "Double Ratchet" protocol and X3DH in Typescript. Due to the Differences stated in the Repo: Is this a good Replacement for my Testing "Stack"?
end-to-end
-
age and authenticated encryption
[1] No warning on decrypting Tag 9 (no integrity protection) packets
-
A few questions for the dev…
In contrast, companies like Standard Notes actually uses their own home-built encryption library, which is why it's a bit more critical that they go through these audits more often and quickly than others. And despite the audits, this home-brewed encryption library puts them at a much bigger risk, due to the fact that it's never going to be as thoroughly battle tested as an open industry-standard encryption like OpenPGP, used by much larger companies like Google, Protonmail, etc.
- End-to-End Encryption Threat Model
-
End-to-end encryption messaging implementation
https://github.com/google/end-to-end ?
-
How to do E2EE in the Browser correctly if even possible?
When Google was looking at implementing E2E mail via a browser plugin, it gave up in part because of the difficulties of doing it right. They published the library and documentation, but the more valuable part was the threat model. In it they examine the assets to protect, threat sources both inside and outside the threat model, UI threats, message threats, key-related threats, cryptographic threats, and other threats. It's an excellent walk-through of just how difficult it is to do general encryption right, and why doing it in the browser is so hard.
-
Signal protocol security of messages
With that in mind, secure messaging in a browser is a nightmare. Google tried to figure out a way to do end-to-end in a browser, mostly in the context of e-mail but it could be extended to chat applications. They wrote up a threat model that you really should read. They identified five threat sources within the architecture and six more that they acknowledge but don't delve into. They also discuss four UI-based threats, four message-based, four key-based, and two cryptographic threats, and each of those threats has subthreats. Finally, they wrap with three "Other" threats. They dropped the project soon after.
-
Browser extension that makes any web app E2E encrypted?
Google E2E Library — Unsure how up-to-date this ... limited GitHub activity.
What are some alternatives?
exifcleaner - Cross-platform desktop GUI app to clean image metadata
openpgpjs - OpenPGP implementation for JavaScript
ios - EteSync - Secure, end-to-end encrypted, and privacy respecting sync for your contacts, calendars and tasks.
freedom-pgp-e2e - Wrapping up end-to-end code and provide in freedom custom API.
jslib - Common code referenced across Bitwarden JavaScript projects.
otrv4 - Off-the-Record Messaging Protocol version 4. -This is a draft- This repository is a mirror of http://bugs.otr.im/otrv4/otrv4
Tutanota makes encryption easy - Tuta is an email service with a strong focus on security and privacy that lets you encrypt emails, contacts and calendar entries on all your devices.
PGP-Anywhere - Chrome browser extension to de- & encrypt PGP in your browser
PKI.js - PKI.js is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses). It is built on WebCrypto (Web Cryptography API) and requires no plug-ins.
2Password - 2Password: A cryptography experiment
gnupg - The GNU Privacy Guard. NOTE: Maintainers are not tracking this mirror. Do not make pull requests here, nor comment any commits, submit them usual way to bug tracker (https://www.gnupg.org/documentation/bts.html) or to the mailing list (https://www.gnupg.org/documentation/mailing-lists.html).
bogbook - bogbook v3 - A replicated and secure social network made from ed25519 hash chains