OpenPGP.js &

Mailvelope Key Server

@tankredhase

OpenPGP.js v2.x

  • OpenPGP implementation in JS
  • browser, node.js and electron support
  • native crypto primitives where available
  • security audit by Cure53
  • used by Mailvelope, ProtonMail, Hoodiecrow, ...
  • ~8k downloads per month on NPM 

AEAD packet support

  • IETF draft for authenticated encryption
  • currently AES-GCM only
  • native crypto (WebCrypto and node.js)
  • 30x faster than AES in JS
  • mitigates timing attack vectors

OpenPGP.js v3.x roadmap

  • ECC support (NIST curves & Ed25519)
  • native SHA hashing via WebCrypto
  • RSA asm.js primitive
  • better modularization

Mailvelope

  • OpenPGP for Webmail
  • Chrome and Firefox Extension
  • Cooperation with GMX / Web.de / 1&1
  • Cooperation with De-Mail
  • ~ 500.000 users

Mailvelope Key Server

  • Prove email address, private key ownership
  • Sends encrypted verification mail
  • REST & HKP apis
  • Node.js server in ES6 (uses OpenPGP.js)
  • Runs on AWS with MongoDB cluster
  • Learn more: https://keys.mailvelope.com

Mailvelope Integration

  • Goal: ship in 3 months & validate UX
  • Painless / automatic key lookup
  • Recipient autocomplete in editor
  • Gmail specific optimizations
  • Upload when generating new key pair
  • Shipped in Mailvelope v1.5.1

Demo

Thanks! Questions?

OpenPGP Summit 2016

By tanx

OpenPGP Summit 2016

  • 2,810