This package contains classes to generate OpenPGP public-key encrypted messages. The output is compatible with GnuPG and other OpenPGP implementations.

This example encrypts text, such as a password, using the GnuPG public key of the server. The resulting OpenPGP message may then be securely sent to the server and decrypted.

• On the server, use GnuPG gpg –gen-key to generate a public-private key pair
  • Move the resulting .gnupg directory into a location accessible to the httpd daemon but outside the htdocs area
  • Make the .gnupg directory accessible only to the httpd daemon by setting the owner and mode
  • Provide a web service, such as an RPC, for the qooxdoo desktop app to download the public key block
• In the qooxdoo app, encrypt a plain text message msg as follows:

var pgpMsg = openpgp.Encoder.encrypt(serverPubKeyBlock, msg);'

• Send pgpMsg to the server app for decryption, for example, using an RPC service
  • The plain text message is secured within the cipher text of pgpMsg

• For encrypting multiple messages with the same public key, this technique is more efficient:

var encoder = new openpgp.Encoder(serverPubKeyBlock);
var pgpMsg = encoder.encrypt(msg);

• This approach re-uses the same encoder object to encrypt each message, avoiding the expense of repeatedly instantiating a number of objects in each call to the static openpgp.Encoder.encrypt method.
• However, if messages are sent infrequently, the static openpgp.Encoder.encrypt()method is less costly, because an encoder object continuously collects “entropy” from mouse move and keystroke events. This “entropy” is combined with other pseudo-random factors to generate session keys, which must be unpredictable. The static method stops entropy collection before returning the encrypted message.

Please make sure any of the input used is covered by a license compatible to LGPL/EPL!

• qooxdoo bugzilla: 47, 808
• PGP / GnuPG / OpenPGP Message Encryption in JavaScript (Herbert Hanewinkel)
  • ported as OpenPGP package within the qooxdoo-contrib Crypto
  • replaced GPL-licensed big integer library rsa.js by porting http://www-cs-students.stanford.edu/~tjw/jsbn/jsbn.js
  • crypto.openpgp generates public-key encrypted OpenPGP messages compatible with GnuPG
• JavaScript MD4, MD5 and SHA-1 (Paul Johnston)
• JavaScrypt: Browser-Based Cryptography Tools (John Walker)
• dojox.encoding
• BigIntegers and RSA in JavaScript
• SHA-1, AES, TEA (Moveable Type)
• SHA (Angel Marin)
• ecmaScrypt (Josh Davis)
• RSA in JavaScript
• nsICryptoHash (Mozilla)
• Native base64 (Mozilla, Webkit?)