[Demexp-dev] Freenigma: a way to encrypt on the client with web technlogy

[David MENTRE]

Hello,

While reading lwn.net, I found this announcement of Freenigma service:
 http://www.freenigma.com/index.html

Freenigma is a way to encrypt emails in web mails. What is interesting
is that encryption is done on the client side, in the web browser
(with of course some help of a server). This is done with apparently a
pure Javascript Firefox extension, working on MacOS, Linux and
Windows.

> From http://www.freenigma.com/frequentlyaskedquestions/index.html
"""
Does freenigma send my mails to the freenigma server for encryption?

No. All mail is encrypted or decrypted directly in the webmail client
(i.e. directly in the browser). But how does that work?! For the
experts: when making an encryption request, the freenigma extension
sends nothing more than the list of recipient addresses to the
freenigma server. In response, it receives a random session key for
symmetric encryption within the client as well as an asymmetrically
encrypted session key for all the recipients. AES encryption is then
performed within the client using the unencrypted session key. Then,
the user script in the client combines the symmetrically encrypted
mail text and the asymmetrically encrypted session key to create the
OpenPGP binary format.
"""

The Freenigma in the web browser (Firefox extension) code should be
available as Free Software, under GNU GPL licence.

Certainly an architecture to look at in the future.

Best wishes,
d.