Easy PGP Composer - Encrypting PGP messages in your browser

My friend @TPS asked me if there's an easy way for a non-tech-savvy person to share sensitive information like passwords with another person. In this situation I assume that the other person is indeed tech-savvy and has a PGP keypair.

So I spent a couple of minutes to write a browser-based PGP encryption site.

It's pretty easy to use: non-tech-savvy people can type their message into the text area on the left side and the encrypted PGP message will be displayed on the right side in real time.
After that, the encrypted message can be sent over an unencrypted channel.

All encryption is done with JavaScript in the browser. No data is sent to the server.

You can find the source code on GitHub.

I've set up a demo here: http://pgpcomposer.demo.0day.work/

Installation

All you need to set it up is:

  • Some PHP-based webspace
  • A PGP public key

Simply follow these steps:

  • Clone the repository into your document root: https://github.com/gehaxelt/PHP-Easy-PGP-Composer.git
  • Move config.php.sample to config.php and edit the two variables:
    • $CONTACTNAME should be your name.
    • $KEYFILE is the path to your public key.
  • Copy your public key to the path defined in $KEYFILE.

How does it work?

Basically, OpenPGPJs does all the hard work for us.

First, we parse the public key:

var publicKey = openpgp.key.readArmored(<?php echo $PUBKEY; ?>);

Afterwards, we can encrypt the message with every update on the input:

// Re-encrypt whenever the message text changes.
$("#message").on('change keydown', function(event) {
	encryptMessage();
});

// Re-encrypt whenever the sender field changes.
$("#mailfrom").on('change keydown', function(event) {
	encryptMessage();
});

function encryptMessage() {
	[...]
	openpgp.encryptMessage(publicKey.keys, message).then(function(pgpMessage) {
		$("#output").text(pgpMessage);
	});
}

There's really no more magic behind it! :)
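
Since the contents of $KEYFILE are echoed into the page for every visitor, it's worth checking before deployment that the file really holds an intact public key and not a private one. The following is an added example, not part of the project's code: it parses the ASCII armor, verifies the CRC-24 checksum from RFC 4880 and checks the first packet tag. The function names and the sample key bytes are made up for illustration.

```javascript
// CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1).
function crc24(bytes) {
  let crc = 0xB704CE;
  for (const b of bytes) {
    crc ^= b << 16;
    for (let i = 0; i < 8; i++) {
      crc <<= 1;
      if (crc & 0x1000000) crc ^= 0x1864CFB;
    }
  }
  return crc & 0xFFFFFF;
}

const toB64 = (bytes) => btoa(String.fromCharCode(...bytes));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Hypothetical helper that builds an armored block; only used for sample input.
function armor(type, bytes) {
  const c = crc24(bytes);
  const sum = toB64([c >> 16, (c >> 8) & 0xFF, c & 0xFF]);
  const body = toB64(bytes).match(/.{1,64}/g).join("\n");
  return `-----BEGIN PGP ${type}-----\n\n${body}\n=${sum}\n-----END PGP ${type}-----\n`;
}

// Tag of the first OpenPGP packet (old and new header formats).
function firstPacketTag(bytes) {
  const b = bytes[0];
  if (!(b & 0x80)) throw new Error("not an OpenPGP packet");
  return b & 0x40 ? b & 0x3F : (b >> 2) & 0x0F;
}

// Accept only an intact public key block; return its packet bytes.
function readPublicKeyArmor(text) {
  const lines = text.trim().split("\n").map((l) => l.trim());
  const type = (/^-----BEGIN PGP (.+)-----$/.exec(lines[0]) || [])[1];
  if (type !== "PUBLIC KEY BLOCK") throw new Error("not a public key block");
  if (lines[lines.length - 1] !== "-----END PGP PUBLIC KEY BLOCK-----") throw new Error("missing END line");
  const blank = lines.indexOf(""); // armor headers end at the first empty line
  if (blank < 0) throw new Error("no blank line after armor headers");
  const body = lines.slice(blank + 1, -1);
  // The checksum line is optional; verify it when present.
  const sum = body.length && body[body.length - 1][0] === "=" ? body.pop().slice(1) : null;
  const bytes = fromB64(body.join(""));
  if (sum !== null) {
    const [a, b, c] = fromB64(sum);
    if (((a << 16) | (b << 8) | c) !== crc24(bytes)) throw new Error("CRC-24 mismatch");
  }
  if (firstPacketTag(bytes) !== 6) throw new Error("first packet is not a public key");
  return bytes;
}

// Constructed sample: 0x99 is an old-format Public-Key packet header (tag 6).
const sampleKey = armor("PUBLIC KEY BLOCK", [0x99, 0x00, 0x03, 0x04, 0x01, 0x02]);
```

This only looks at the armor and the first packet header; it does not validate the key material itself, which is still left to OpenPGP.js.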
