Use your web browser to encrypt and decrypt files using public-key cryptography, in order to exchange confidential files with others through an insecure medium such as email, instant messaging, etc.
If you are already familiar with the basics of public-key encryption (also known as asymmetric cryptography), great! But if not, no problem. The main menu above will guide you through the process. Start by indicating whether you sending a confidential file to someone else or you are receiving a confidential file from someone else.
This page uses javascript running within your web browser to encrypt and decrypt files client-side, in-browser. This page makes no network connections during this process, to ensure that your files and keys never leave the web browser during the process. This can be independently verified by reviewing the source code for this page, or by monitoring your web browser's networking activity during operation of this page. This page can also be downloaded and run locally on your system offline.
All client-side cryptography is implemented using the Web Crypto API. Key pairs are generated using Diffie-Hellman elliptic curve cryptography with the P-256 curve. A shared secret between the sender and recipient is derived using ECDH key exchange. The confidential file is then encrypted using 256-bit AES-GCM, using the shared secret as the AES key.
This web page is self-contained. The page does not require any supporting files; all javascript and css for this page is contained in the source code of this page. To run this page locally on your system offline, simply save this page to your system as a .html file, then open the file from your system in your web browser (optionally with networking disabled).
The expected SHA256 checksum hash of the .html file containing this page is posted at https://github.com/meixler/web-browser-based-public-key-encryption. If loading this page from a web server, you can verify that the checksum hash of the .html file downloaded from the web server matches the expected checksum hash using the Page Integrity browser extension. If running this page offline, it is recommended that you verify that the checksum hash of the .html file matches the expected checksum hash before opening the file in your web browser.
This project is licensed under the GPL-3.0 open source license.
This project can be found on GitHub at https://github.com/meixler/web-browser-based-public-key-encryption.
Please contact MTI for any questions or comments concerning this project.
The first step in the process of using public-key encryption to send a confidential file to someone else is for the recipient to create a public and private key pair. You will need the recipient's public key file in order to proceed. Contact the recipient, and direct the recipient to this page, where the recipient can create a key pair, then send you their public key file.
The first step in the process of using public-key encryption to receive a confidential file from someone else is for you (the recipient) to create a public and private key pair. Click the button below to create a key pair. Then, save both the private key file and the public key file to your system.
The private key file must be stored securely on your system and should never be shared with anyone (hence the name 'private key'). The public key file can be shared with someone that needs to encrypt a confidential file to send to you. After saving both files to your system. send the public key file to the sender, and direct the sender to this page to proceed with the next steps. The public key file can be sent to the sender via email, instant messaging, or any other (secure or insecure) medium.
Next Steps:
After the sender receives your public key file, the sender will proceed using this page. The next step is for the sender to verify that the public key file that he/she received from you was not compromised by an adversary in transit from you to the sender. The sender will contact you to verify the public key in the file. At that point, return to this page and the main menu will guide you through the verifcation process. You will need your private key file for this step.
Upon successful verification of the public key, the sender will use your public key file to encrypt the confidential file, and send the encrypted confidential file to you. At that point, you will need your private key file to decrypt the confidential file. Again, return to this page, and the main menu will guide you through the process.
To ensure that the recipient's public key was not compromised by an adversary while in transit from the recipient to you, the recipient's public key must be verified.
To start, click the button below to open the recipient's public key file that you received from the recipient. Then, contact the recipient by phone (or through some medium other than the medium through which the recipient sent you their public key file). Verify that you are in fact in contact with the recipient that you intend to send the confidential file to. Then, direct the recipient to this page, and ask the recipient to proceed with the verification procedure from their end. The main menu will guide the recipient through this procedure.
Both you and the recipient should have identical codes for code 1 and code 2 below:
|
Code 1
Ask the recipient to read code 1 to you from their device. Confirm that it matches code 1 above: |
Code 2
Read code 2 above to the recipient. The recipient should confirm that it matches code 2 on their device. |
If there is a mismatch in either of the codes above, then both you and the recipient should start the entire process over, with the recipient generating a new key pair and sending you their new public key file. If both codes match, then you can proceed to encrypt the confidential file using the recipient's public key. Use the main menu above to guide you through this step.
To ensure that your public key was not compromised by an adversary while in transit from you to the sender, the sender must verify your public key.
To start, click the button below to open your private key file.
Both you and the sender should have identical codes for code 1 and code 2 below:
|
Code 1
Read code 1 above to the sender. The sender should confirm that it matches code 1 on their device. |
Code 2
Ask the sender to read code 2 to you from their device. Confirm that it matches code 2 above: |
If there is a mismatch in either of the codes above, then both you and the sender should start the entire process over, with you generating a new key pair and sending your new public key file to the sender. If both codes match, then the sender can proceed to encrypt the confidential file using the your public key. Wait to receive the encrypted confidential file from the sender, then return to this page and use the main menu to guide you through the step to decrypt the confidential file.
You are now ready to encrypt the confidential file using the recipient's public key. Use the buttons below to select the recipient's public key file and the confidential file to encrypt. Then click 'Encrypt File', and finally save the encrypted file to your system.
Select recipient's public key file:
Select confidential file to encrypt:
After saving the encrypted file, send the encrypted file to the recipient. The encrypted file can be sent to the recipient via email, instant messaging, or any other (secure or insecure) medium. Upon receiving the encrypted file, the recipient can proceed to decrypt the file using this page.
The sender has encrypted the confidential file using your public key, and now you are ready to decrypt the file using your private key. Use the buttons below to select your private key file and the encrypted confidential file to decrypt. Then click 'Decrypt File', and finally save the decrypted file to your system.
Select private key file:
Select encrypted confidential file to decrypt:
After saving the decrypted file, it is recommended that you delete the key pair that you used to receive this encrypted file, and create a new key pair next time you need to receive another encrypted file.
Hang tight and wait to hear back from the sender!