OpenPGP.js v2.x
- OpenPGP implementation in JS
- browser, node.js and electron support
- native crypto primitives where available
- security audit by Cure53
- used by Mailvelope, ProtonMail, Hoodiecrow, ...
- ~8k downloads per month on NPM
AEAD packet support
- IETF draft for authenticated encryption
- currently AES-GCM only
- native crypto (WebCrypto and node.js)
- 30x faster than AES in JS
- mitigates timing attack vectors
OpenPGP.js v3.x roadmap
- ECC support (NIST curves & Ed25519)
- native SHA hashing via WebCrypto
- RSA asm.js primitive
- better modularization
Mailvelope
- OpenPGP for Webmail
- Chrome and Firefox Extension
- Cooperation with GMX / Web.de / 1&1
- Cooperation with De-Mail
- ~ 500.000 users
Mailvelope Key Server
- Prove email address, private key ownership
- Sends encrypted verification mail
- REST & HKP apis
- Node.js server in ES6 (uses OpenPGP.js)
- Runs on AWS with MongoDB cluster
- Learn more: https://keys.mailvelope.com
Mailvelope Integration
- Goal: ship in 3 months & validate UX
- Painless / automatic key lookup
- Recipient autocomplete in editor
- Gmail specific optimizations
- Upload when generating new key pair
- Shipped in Mailvelope v1.5.1!
Demo
Thanks! Questions?
OpenPGP Summit 2016
By tanx
OpenPGP Summit 2016
- 2,810