An Entirely Client-Side JavaScript PGP Encrypter

A while back I read this story about Lavabit and Silent Circle, and found it exceedingly creepy.

The only sure way around this problem is to encrypt on the client side, since any server-side solution, even assuming that your service provider has not turned over their TLS private key to the NSA, will always have that boundary where TLS hands off to the encrypter, and with gag orders, you'll never know if your service provider is secretly allowing the plaintext of your supposedly encrypted messages to be intercepted by the spooks. I think we all owe it to each other as citizens to encrypt our most trivial messages. If the NSA wants to know what everyone is saying, let's make them work for it. If we do not assert our natural right to private communication, we will lose it. Or should it be illegal to talk softly, or to have a conversation in the woods without wearing a government-approved listening device?

Thunderbird has a GPG/Enigmail solution, but if you don't use Thunderbird, but have someone's OpenPGP public key block (Thunderbird users: use "Attach My Public Key" when sending messages!), or if you have a public key block and want to let people encrypt arbitrary messages to you, this page might be helpful. After encrypting, just drop the encrypted message into an email; the person who gave you the key will know what to do with it. Encrypting a message also produces a link URL based on the public key, so you can bookmark the page for that key instead of pasting it in again. All encryption happens in your browser with nothing sent anywhere.

This application is 100% open source. It uses adaptations of Herbert Hanewinkel's PGP key extractor and encrypter. See the header of the javascript file for licensing information.

Have a kind word? Found a reproducible bug? You can contact me here. Feel free to encrypt the message! Here's my public key page.

encrypt the message