What is Webencryption?
Webencryption is a rather crude message encryption and decryption web application that runs in the browser from the local filesystem.
While there are allegedly secure messaging applications, it bothers me that they come packaged as binary programmes which I cannot inspect with reasonable effort and that their network traffic is routed through the manufacturers’ servers. I wanted a secure messaging solution that is simple enough for me to understand, that does not require compilation into unauditable binaries and that does not depend on any servers not operated by me.
Building on those requirements one would substitute “I” and “me” with anyone: anyone should be able to understand and audit the solution and it should not depend on binary packages or servers.
Some goals and features:
- It is meant to be used by people with medium technical affinity
- It can be run on a computer with a browser in offline mode
- It does not require network connectivity
- It can be run from the local file system
- It is an encryption system based on RSA
- It is open source
- It is run directly from source
How does it work?
It encrypts and decrypts text messages with RSA but does not send them anywhere, as this would fail the requirement of avoiding network communication. Conversation participants have to rely on classical communication means like a chat messenger or email to send each other the encrypted messages; Webencryption will only en/decrypt those messages.
The private and public RSA keys are derived from a secret passphrase and are not stored in Webencryption; users have to take care of that.