e2ee end 2 end encryption private messages using PGP/GPG instead of pure RSA

⚓ Dev    📅 2024-01-24    👤 solivagus    👁️ 259

Hi

@freedit I just began exploring freedit and it looks nice.

The private messaging is interesting, but there are some issues. Although it is easy for most people to generate a key and keep it somewhere, it has some drawbacks:

  • The private messages use RSA, which is kind of off because the private key needs to be stored securely somewhere
  • You cannot import the RSA key into GPG
  • You cannot use an existing GPG/PGP generated certificate or exported PGP key to sign (gives error, I tried)
  • For large text this is slow, because GPG uses a dual RSA/AES symmetric/asymmetric hybrid encryption. Effectively generating AES keys (from RSA ones) which are used for encryption

The added benefits of supporting GPG would be that one can password protect his private key and just use whatever app (s)he wishes for encryption.

I'm just wondering

  • Could it be possible to add https://openpgpjs.org/ GPGJS? It seems quite easy to do: https://github.com/openpgpjs/openpgpjs/blob/main/README.md#getting-started
  • Alternatively simply have access to the public key exported before sending a message so one can import it into gpg to do encryption/decryption

Anyway good job. I like the system philosophy!

Thanks!

šŸ·ļø gpg šŸ·ļø pgp

freedit    2024-01-25

Actually, I tried to use EHCD at first (https://freedit.eu/post/1/168).

But I gave up because the browser crypto api seems limited. In a limited time, I just copied everything from another open source project.

I agree with you on everything except the speed. The current solution uses hybrid encryption too.

And at this moment, I have no time to read GPGJS documentation. As you can see, there are a lot more important issues to be done.

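The hybrid RSA/AES scheme both posts refer to, sketched with the browser Web Crypto API as an added example; it is not freedit's code and not part of the original thread. The function names and the choice of RSA-OAEP with AES-256-GCM are assumptions made for illustration.

```javascript
// Added example, not freedit's implementation. Function names are hypothetical.
// Hybrid encryption: a fresh AES-256-GCM key encrypts the message body, and
// RSA-OAEP encrypts (wraps) only that 32-byte key, so RSA cost does not grow
// with message size.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto; // fallback for older Node

async function generateRecipientKeyPair() {
  return webcrypto.subtle.generateKey(
    { name: 'RSA-OAEP', modulusLength: 2048,
      publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' },
    true, ['wrapKey', 'unwrapKey']);
}

async function hybridEncrypt(recipientPublicKey, plaintext) {
  // One-time message key; extractable so it can be wrapped for the recipient.
  const aesKey = await webcrypto.subtle.generateKey(
    { name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // unique per message
  const ciphertext = await webcrypto.subtle.encrypt(
    { name: 'AES-GCM', iv }, aesKey, new TextEncoder().encode(plaintext));
  const wrappedKey = await webcrypto.subtle.wrapKey(
    'raw', aesKey, recipientPublicKey, { name: 'RSA-OAEP' });
  return { wrappedKey: new Uint8Array(wrappedKey), iv,
           ciphertext: new Uint8Array(ciphertext) };
}

async function hybridDecrypt(recipientPrivateKey, { wrappedKey, iv, ciphertext }) {
  // Recover the message key with the RSA private key, then decrypt the body.
  const aesKey = await webcrypto.subtle.unwrapKey(
    'raw', wrappedKey, recipientPrivateKey, { name: 'RSA-OAEP' },
    'AES-GCM', false, ['decrypt']);
  // AES-GCM verifies the 16-byte tag; a modified ciphertext makes this reject.
  const plain = await webcrypto.subtle.decrypt(
    { name: 'AES-GCM', iv }, aesKey, ciphertext);
  return new TextDecoder().decode(plain);
}
```

The wrapped key is always 256 bytes for a 2048-bit RSA key, whatever the message length; only the AES-GCM ciphertext grows with the text.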