Skip to content
/ Uplocker Public

Uplocker - Browser Plugin Prototype for E2E Encryption

License

View license
1 star 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

lev-csouffrant/Uplocker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

44 Commits
lib
lib
 
 
src
src
 
 
test
test
 
 
LICENSE
LICENSE
 
 
LICENSE-3RD-PARTY
LICENSE-3RD-PARTY
 
 
README.md
README.md
 
 
manifest.json
manifest.json
 
 

Repository files navigation

Uplocker - PGP E2E Encryption Browser Plugin

Browser Plugin Prototype for E2E Encryption

Currently supports encrypting files in websites with a PGP key. Can only work with websites that contain the required tags embedded in the page described below, as well as forms that only submit a single file.

This code is licensed under GNU Affero General Public License v3, but includes libraries with other licenses as defined in LICENSE-3RD-PARTY

How To Use:

To install the plugin, open up Firefox and visit about:debugging. From here you can click "Load Temporary add-on" and load the manifest.json file.

To support the plugin on the server you need to provide a few HTML tags (such as meta tags) with the proper name and content pairs. Currently the tags supported are:

  • e2e_plugin_pgp_key : The public PGP key to encrypt with
  • e2e_plugin_form_name : The name of the form to intercept
  • e2e_plugin_file_encrypt : The name of the element for the filepicker
  • e2e_plugin_extra_items : Additional form elements that need to be submitted (such as CSRF tokens) as a comma seperated list
  • e2e_plugin_string_encrypt : Additional form elements that need to be submitted as encrypted strings as a comma seperated list

As an example of how to support this in Securedrop (The project that motivated this extension), add the following code to lookup.html (the PGP key needs to be provided as a render argument in Flask):

<meta name="e2e_plugin_pgp_key" content = "{{ pgp_key }}">
<meta name="e2e_plugin_form_name" content = "upload">
<meta name="e2e_plugin_file_encrypt" content = "fh">
<meta name="e2e_plugin_extra_items" content = "csrf_token">
<meta name="e2e_plugin_string_encrypt" content = "msg">

TODO:

  • Clean up code a bit further, i.e. measuring performance and writing more tests
  • Asynchronous encryption can lead to UX requirements that's not handled if submit is clicked before test is completed. This should notify the user "file still encrypting" or something. The best idea might be to have the plugin popup saying "file is currently encrypting"
  • With some fancy javascript it should be possible to iterate through all the form elements that will be submitted, thus removing the need for the extra_items and potentially the file_encrypt meta elements. (However forms with multiple file selects will need to be supported before that is possible)
  • Right now dependencies are hardcoded and there is no build process. Webpack should be used to support this in the future.

Tests worried about:

  • Files might eat up 2-4x memory than the original size because they are transferred to background and back. We attempted to make these transferable objects which hopefully passed by reference
  • Need to weigh if time + memory to compress outweighs the benefit of saving bandwidth

Credits:

  • Icon made by Pixelmeetup from www.flaticon.com
  • Encryption using Openpgpjs library
  • Compression using Pako library

About

Uplocker - Browser Plugin Prototype for E2E Encryption

Resources

Readme

License

View license
Activity

Stars

1 star

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages