

Ask HN: What options do I have for providing crypto in a webapp? - antihero

As in another discussion, people essentially battered the idea of JavaScript crypto into the ground. Now, my application essentially allows people send messages to each other with an encryption key. I started off doing the encryption server-side using PyCrypto. Then I realised that that meant that people would have to trust my server with both their passphrase and their plaintext. So I (before reading the aforementioned discussion), changed everything over to using SJCL so that the encryption could be done within the browser.<p>I'm now realising why that's a bad idea, and despite being in control of my server, and in control of the JavaScript that is sent to the user (aside from the GApps API), and that a malicious JS attack is incredibly unlikely, that it may not be the best solution.<p>The ideal solution would be cross platform and seamless (IE user types in key. Hits encrypt button. It is done) without requiring things to be installed, etc, so what exactly are my options?
======
bribriinlondon
<https://privatesky.me>

We built it. It's an IE add on. I JUST asked HN to rate my start-up, as a
matter of fact.

------
mike-cardwell
I think this can only really be done safely with an addon/plugin.

------
JoachimSchipper
There are none. You'll have to install a program on the user's computer
somehow (browser plugins are one possible solution).

------
fenesiistvan
(signed) java applet

