web based shared secret symmetric encryption application
Hi! I'm looking for a decent free and open source application that would work similarly to "Hushmail Express message" (https://help.hushmail.com/entries/351388-I-have-received-an-encrypted-email-...) that would allow me to deposit an encrypted message on an apache web server that would be decrypted by the recipient using a shared secret (that's already established, so I don't need a key exchange mechanism). I read Tony's posts and his blog article (http://tonyarcieri.com/whats-wrong-with-webcrypto) and I'm well aware that browser based encryption is not optimal but I'm just looking for something slightly more secure than plain text email that could be used by an end user not willing to install GPG, not an NSA proof secure system. The (apache2/debian7) web server is physically under my control, I'm the only root (I hope! :-) and SSL/TLS is enabled. Thanks for your advice. cryptomars
W dniu 22.07.2014 17:13, Cryptoparty Marseille pisze:
Hi!
I'm looking for a decent free and open source application that would work similarly to "Hushmail Express message" (https://help.hushmail.com/entries/351388-I-have-received-an-encrypted-email-...) that would allow me to deposit an encrypted message on an apache web server that would be decrypted by the recipient using a shared secret (that's already established, so I don't need a key exchange mechanism).
I read Tony's posts and his blog article (http://tonyarcieri.com/whats-wrong-with-webcrypto) and I'm well aware that browser based encryption is not optimal but I'm just looking for something slightly more secure than plain text email that could be used by an end user not willing to install GPG, not an NSA proof secure system.
The (apache2/debian7) web server is physically under my control, I'm the only root (I hope! :-) and SSL/TLS is enabled.
Thanks for your advice.
Have you looked at ZeroBin and 0bin? They do more or less what you described. -- Łukasz "Cyber Killer" Korpalski mail: cyberkiller8@gmail.com xmpp: cyber_killer@jabster.pl site: http://website.cybkil.cu.cc gpgkey: 0x72511999 @ hkp://keys.gnupg.net //When replying to my e-mail, kindly please //write your message below the quoted text.
hi, you might want to have a look at the "Email Institution" Function of http://goldbug.sf.net this enables you to create within a p2p email system a virtual host, which is hosting your key and message. so the storage is not an encrypted apache, but a virtual institution email provider on the network. This is not browserbased, but clientbased. you can evaluate it within a cryptoparty at Marseille. In case this is not the fuction you want, you might want to look at the Rosetta CryptoPad, which is encrypting the message and then you can post it in any pastebin and your friend can grabb it there at any time and decrypt. so this can be done in a browser. Regards Randolph 2014-07-22 17:13 GMT+02:00 Cryptoparty Marseille <cryptomars@cryptoparty.fr>:
Hi!
I'm looking for a decent free and open source application that would work similarly to "Hushmail Express message" (https://help.hushmail.com/entries/351388-I-have-received-an-encrypted-email-...) that would allow me to deposit an encrypted message on an apache web server that would be decrypted by the recipient using a shared secret (that's already established, so I don't need a key exchange mechanism).
I read Tony's posts and his blog article (http://tonyarcieri.com/whats-wrong-with-webcrypto) and I'm well aware that browser based encryption is not optimal but I'm just looking for something slightly more secure than plain text email that could be used by an end user not willing to install GPG, not an NSA proof secure system.
The (apache2/debian7) web server is physically under my control, I'm the only root (I hope! :-) and SSL/TLS is enabled.
Thanks for your advice.
cryptomars
participants (3)
-
"Łukasz \"Cyber Killer\" Korpalski" -
Cryptoparty Marseille -
Randolph