openpgpjs
end-to-end
openpgpjs | end-to-end | |
---|---|---|
33 | 8 | |
5,573 | 4,133 | |
0.2% | 0.0% | |
6.7 | 0.0 | |
14 days ago | about 1 year ago | |
JavaScript | JavaScript | |
GNU Lesser General Public License v3.0 only | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
openpgpjs
-
Why isn't VeraCrypt being updated? Is it abandoned?
not a great example, in the FOSS side of things GnuPG is being constantly worked on as is openpgp.js
-
Client-side encryption for Gmail is now generally available
https://openpgpjs.org/
A number of Chrome (and I think also Firefox) extensions include their own local copy of OoenPGP.js for use with various webmail services, including GMail.
WKD (and HKP) depends upon HTTPS without cert pinning, FWIU: https://wiki.gnupg.org/WKD
How does an email client use WKD?
-
Help with BouncyCastle OpenPGP (Java)
I know this might not be the appropriate sub, but does anyone know if there are any good learning resources on this? I am struggling to implement an OpenPGP application using Java, and the documentation is no help. I have had great luck with https://openpgpjs.org/ (a very well documented resource), but I don't understand how to accomplish generating keys, storing them in armored files, and using the stored keys for signing and encryption with BouncyCastle. Any pointers would be greatly appreciated.
- Storing user data on a server without the server admin being able to read it
- Does Proton Drive compress files when you upload to the platform?
-
How to use nodejs libs in react native?
I used openpgpjs to do all the encryption and decryption. It works perfectly in the browser and nodejs, but not in react native :(
-
I'm Phil Zimmermann and I created PGP, the most widely used email encryption software in the world. Ask me anything!
What's your opinion of OpenPGPJs? Do you think JavaScript is just too insecure for it to be safe?
- How do a I code a super long "word" (pgp key) using html without spaces at the end of line? Better description of problem in post
- Self-hosted end-to-end encrypted email service?
-
A few questions for the dev…
a) We use an open source cryptographic library, OpenPGPjs, which is built by the good folks over at Protonmail, and the library itself is frequently audited. Here's one. And everything you see and use on Cryptee is built on top of this.
end-to-end
-
age and authenticated encryption
[1] No warning on decrypting Tag 9 (no integrity protection) packets
-
A few questions for the dev…
In contrast, companies like Standard Notes actually uses their own home-built encryption library, which is why it's a bit more critical that they go through these audits more often and quickly than others. And despite the audits, this home-brewed encryption library puts them at a much bigger risk, due to the fact that it's never going to be as thoroughly battle tested as an open industry-standard encryption like OpenPGP, used by much larger companies like Google, Protonmail, etc.
- End-to-End Encryption Threat Model
-
End-to-end encryption messaging implementation
https://github.com/google/end-to-end ?
-
How to do E2EE in the Browser correctly if even possible?
When Google was looking at implementing E2E mail via a browser plugin, it gave up in part because of the difficulties of doing it right. They published the library and documentation, but the more valuable part was the threat model. In it they examine the assets to protect, threat sources both inside and outside the threat model, UI threats, message threats, key-related threats, cryptographic threats, and other threats. It's an excellent walk-through of just how difficult it is to do general encryption right, and why doing it in the browser is so hard.
-
Signal protocol security of messages
With that in mind, secure messaging in a browser is a nightmare. Google tried to figure out a way to do end-to-end in a browser, mostly in the context of e-mail but it could be extended to chat applications. They wrote up a threat model that you really should read. They identified five threat sources within the architecture and six more that they acknowledge but don't delve into. They also discuss four UI-based threats, four message-based, four key-based, and two cryptographic threats, and each of those threats has subthreats. Finally, they wrap with three "Other" threats. They dropped the project soon after.
-
Browser extension that makes any web app E2E encrypted?
Google E2E Library — Unsure how up-to-date this ... limited GitHub activity.
What are some alternatives?
libsignal - Home to the Signal Protocol as well as other cryptographic primitives which make Signal possible.
freedom-pgp-e2e - Wrapping up end-to-end code and provide in freedom custom API.
Coze - Coze is a cryptographic JSON messaging specification.
otrv4 - Off-the-Record Messaging Protocol version 4. -This is a draft- This repository is a mirror of http://bugs.otr.im/otrv4/otrv4
WebClient - Monorepo hosting the proton web clients [Moved to: https://github.com/ProtonMail/WebClients]
PGP-Anywhere - Chrome browser extension to de- & encrypt PGP in your browser
2key-ratchet - 2key-ratchet is an implementation of a Double Ratchet protocol and X3DH in TypeScript utilizing WebCrypto.
neutron - Self-hosted server for the ProtonMail client
2Password - 2Password: A cryptography experiment
parsemail - Hanami fork of https://github.com/DusanKasan/parsemail
gnupg - The GNU Privacy Guard. NOTE: Maintainers are not tracking this mirror. Do not make pull requests here, nor comment any commits, submit them usual way to bug tracker (https://www.gnupg.org/documentation/bts.html) or to the mailing list (https://www.gnupg.org/documentation/mailing-lists.html).