* on the Wed, Apr 09, 2014 at 11:37:52PM +0100, One Jsim wrote: > PGP/GPG does not work easily with web-mail.
Roundcube plus the PGP plugin: http://roundcube.net/ https://github.com/qnrq/rc_openpgpjs The way it works is pretty cool. You paste your private PGP key into a form, and it doesn't get submitted to the server, it just gets stored in the browsers localstorage using JavaScript. So all PGP operations are done locally in the browser, rather than sending the key off to the server to do it server side. It's based on openpgp.js, which is basically a free javascript library for doing OpenPGP: http://openpgpjs.org/ The only problem is (and it's a big one), you have to trust the JavaScript that the server sends. The server could always send some evil JavaScript to you which reads the key from the browser storage and then sends it back to the server or elsewhere. Also, if there are any XSS flaws, there's another potential way of losing the key. -- Mike Cardwell https://grepular.com https://emailprivacytester.com OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
signature.asc
Description: Digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
