Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenPGP Implemented In JavaScript

Posted by Unknown on from the what-won't-someone-do-next dept.

angry tapir writes with this excerpt from Tech World: "Researchers from German security firm Recurity Labs have released a JavaScript implementation of the OpenPGP specification that allows users to encrypt and decrypt webmail messages. Called GPG4Browsers, the tool functions as an extension for Google Chrome and now is capable of working with GMail." A quick gander at the source leaves me with the impression that it should be more or less portable to other browsers. It's also built using a lot of off-the-shelf Javascript libraries. (Who knew Javascript had a bignum library and a number of cipher implementations?)

12 of 167 comments (clear)

  1. Who knew? by Pieroxy · · Score: 4, Insightful

    who knew Javascript had a bignum library and a number of cipher implementations

    Those that know JavaScript?

    And I don't mean the kids copy/pasting stuff found on the web, but real people working with JavaScript and having knowledge of the language, libraries, etc.

    The biggest problem with JavaScript is that the world is plagued with kiddos that think they know JavaScript when all they know is how to search their needs on Google and copy/paste from there.

    --
    Write boring code, not shiny code!
    1. Re:Who knew? by LingNoi · · Score: 4, Insightful

      Ah yes, the stereotypical programmer.. You're either a genius or an idiot. You must be real fun to work with.

    2. Re:Who knew? by Anonymous Coward · · Score: 5, Interesting

      The short book, JavaScript: The Good Parts, by Douglas Crockford ....

    3. Re:Who knew? by slim · · Score: 5, Interesting

      It can't be done. The problem is that the language itself is so horribly broken that anything built upon it, be it libraries, applications, tutorials or books, will inherently be horrible, too. JavaScript just can't be salvaged. It needs to be discarded.

      I used to think this, but I don't any more. The aforementioned Crockford book is the bible on this.

      There is a "pleasant" Javascript community, and what they have done is to separate Javascript into three parts:
        - the good parts -- use them
        - the bad parts -- avoid using them altogether
        - the missing parts -- build acceptable workarounds to these using what's available

      For example, Javascript has a horrible tendency for scripts to pollute the global variable namespace. The community came up with the CommonJS module convention, which solves the problem rather neatly.

    4. Re:Who knew? by Anonymous Coward · · Score: 5, Funny

      The short book, JavaScript: The Good Parts, by Douglas Crockford ....

      A book on JavaScipt's good parts is short?! I am shocked, sir!

    5. Re:Who knew? by Zero__Kelvin · · Score: 4, Insightful

      The fact remains that a large majority of programmers today would do the world a service by changing careers. The industry is flooded with programmers who cannot program.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    6. Re:Who knew? by Scaba · · Score: 5, Insightful

      JavaScript is a fad that's on its way out. The same thing happened to Ruby due to Ruby on Rails. The Ruby hype really started taking off around 2006, but by 2010 people realized how shitty Ruby and RoR actually are. That's why we hear almost nothing about either of them these days. The same thing is happening to JavaScript, although it's delayed slightly. It really started taking off around 2008, so it's a couple of years behind Ruby. By 2013, it's likely that JavaScript and its advocates will be widely shunned, too.

      2008? JavaScript gained widespread popularity around mid-1996, so by your reckoning it should have faded away sometime in 2001. Like all languages, JavaScript has its warts and WTF moments, but it is the poor craftsman who blames his tools, especially if those tools are being used by millions of other craftsman around the world to create all manner of novel and useful applications (to admittedly varying levels of quality, but again that's more about the developer's skill level than the language itself). Solving the JavaScript problem is a simple five-step process, though: create the One Perfect Language, convince the major browser manufacturers to include a flawless implementation, get all of the current JS developers to learn to code in it correctly, rewrite all existing codebases in it, and make the entire world upgrade their browsers. Done! Now, what's for lunch...?

  2. Re:Yeah right by Chrisq · · Score: 4, Informative
    Where do you get it that anyone but you has your private key? From TFA:

    A PGP user who wants to send and receive encrypted emails from a different computer, would have to install it on that system first, import his private and public keys into the local database, known as the keyring, and then configure his email client.

  3. Whats this obsession for everything in Javascript? by Viol8 · · Score: 4, Insightful

    In the last year or so suddenly everyone seems to write everything in javascript whether appropriate or not. So these guys really think the future of development lies in the browser which will what, replace the OS as the top level development platform? Sorry , but thats rubbish. It aint gonna happen. Too many disperate browsers with their own quirks and bugs, poor performance and ultimately limited functionality.

    So other than "to see if it can be done" what exactly is the point of these projects? However much webdevs might like it to happen, javascript won't be replacing Java, C++ or C# anytime soon for serious development.

  4. Re:Isn't encryption in JavaScript considered harmf by Chrisq · · Score: 4, Informative

    http://www.matasano.com/articles/javascript-cryptography/

    The above was written by someone without an understanding of public key cryptography. All you need to do is ensure that the crypto JavaScript is delivered through a secure channel. Once you have done that you can publish a public key on an insecure site and allow people to send data to you which cannot be intercepted. You can also let them generate a key pair and send you the public key, after which you can send them a response.

  5. "Wow, there's really no limit to what JS can do!" by dingen · · Score: 5, Insightful

    News flash: turing-complete programming languages can be used to created anything. Why is it news when another random project is done in Javascript?

    --
    Pretty good is actually pretty bad.
  6. Re:Key management by Anonymous Coward · · Score: 5, Funny

    So where do the keys get stored?

    They get stored in the Article.

    does that mean that you can only store keys per domain?

    That is also in the Article.

    And what stops a compromised site from lifting your keys while it's about encrypting or signing a message for you?

    Try reading the Article.

    I think for reasons of trust that if you were to use js PGP

    And I think that before you start spouting off with an opinion, maybe you should, you know, read the article so you have a clue what the fuck you're talking about.