chsados (OP)
|
|
May 30, 2013, 12:06:54 AM |
|
I am imagining a forum where private messages between users are automatically PGP encrypted behind the scenes. I am imagining where one would have to upload their public key to their profile page and somehow when Sam private messages Sally the server locates Sally's public key, encrypts Sam's message and then delivers a PGP ASCII message to Sally's inbox.
Does anyone know if any current forum software has a feature like this? If not, how do you think it could be done?
|
|
|
|
|
|
According to NIST and ECRYPT II, the cryptographic algorithms used in
Bitcoin are expected to be strong until at least 2030. (After that, it
will not be too difficult to transition to different algorithms.)
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5194
Merit: 12926
|
|
May 30, 2013, 12:20:15 AM |
|
It can't be done without a browser addon unless you want the forum to have your private key.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
May 30, 2013, 09:27:39 AM |
|
It can't be done without a browser addon unless you want the forum to have your private key.
The forum doesn't need to decrypt the messages. The PM send page could have a JS PGP encrypt function, if a user has set a keyid in their profile. It would be up to the receiver to decrypt the messages themselves. The hard part has already being done: http://www.hanewin.net/encrypt/
|
|
|
|
|
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
May 30, 2013, 10:29:47 AM |
|
No, don't do this. People who use the GPG system can handle the decryption of themselves offline. Simply encrypting the message via JS is just ~3 lines of calling a premade library on the JS side, and a new DB column like the added Bitcoin addresses.
|
|
|
|
escrow.ms
Legendary
Offline
Activity: 1274
Merit: 1004
|
|
May 30, 2013, 10:37:14 AM |
|
No, don't do this. People who use the GPG system can handle the decryption of themselves offline.
Simply encrypting the message via JS is just ~3 lines of calling a premade library on the JS side, and a new DB column like the added Bitcoin addresses.
Then they can encrypt it themselves offline too, It takes less than 2 seconds to encrypt it using that site. what's the point of semi automatic pgp system. lazyness?
|
|
|
|
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
May 30, 2013, 10:41:16 AM |
|
No, don't do this. People who use the GPG system can handle the decryption of themselves offline.
Simply encrypting the message via JS is just ~3 lines of calling a premade library on the JS side, and a new DB column like the added Bitcoin addresses.
Then they can encrypt it themselves offline too, It takes less than 2 seconds to encrypt it using that site. what's the point of semi automatic pgp system. lazyness? People who PM me might not know what GPG is, have it installed, or know what a keyid is. They don't need to even know what it means if encryption is automated. Now, if you are using GPG, then it should be assumed that you have it installed and know how to decrypt.
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5194
Merit: 12926
|
|
May 30, 2013, 03:14:02 PM |
|
The forum doesn't need to decrypt the messages. The PM send page could have a JS PGP encrypt function, if a user has set a keyid in their profile. It would be up to the receiver to decrypt the messages themselves. The hard part has already being done: http://www.hanewin.net/encrypt/You still need a browser addon to prevent the forum from changing its JS to read your messages or steal your private key. Instead of integrating PGP into sites, the proper solution IMO is to improve PGP's browser (or OS) integration so that it can be easily used on all sites regardless of whether they know about PGP.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1009
|
|
May 30, 2013, 03:33:45 PM |
|
This would be cool but I'd be satisfied with the ability to upload a public key that the forum software would use to encrypt every email it sends me.
I'd like to be able reduce the amount of data mining my email provider can perform without giving up email entirely.
|
|
|
|
chsados (OP)
|
|
May 30, 2013, 09:53:01 PM |
|
thanks for all the suggestions. ill do some further research.
maybe implementing privnote.com could be an answer - obviously not 100% secure but better than nothing.
|
|
|
|
OpenYourEyes
|
|
May 30, 2013, 10:18:20 PM |
|
Not a solution to your actual issue, but why not use something like BitMessage? ( https://www.bitmessage.org/) A lot of people on here already have it, it's easy to install/setup for those that don't, and encrypts all the messages.
|
|
|
|
chsados (OP)
|
|
May 31, 2013, 01:00:39 AM |
|
Not a solution to your actual issue, but why not use something like BitMessage? ( https://www.bitmessage.org/) A lot of people on here already have it, it's easy to install/setup for those that don't, and encrypts all the messages. well bitmessage is a client and cannot be implemented into a forum website AFAIK
|
|
|
|
|