
I need a WordPress plugin that I can give my public key to, that lets me put forms in a page, and where the form then encrypts people's input using my PGP pubkey.

@arh

1️⃣ wordpress.org/plugins/openpgp-
2️⃣ wordpress.org/plugins/wp2pgpma

1) is free and open-source. 2) is freemium.

Haven't tested them, but they seem to be the only ones available. Would be interested to know what you think, if you test them.

@arh
Okay, here you go. Number 1 works. You can test it here:

sawiya.de/privat/openpgp-test/

All I did was
a) install the plugin,
b) generate a PGP key with gpg and export the public key in ASCII format,
c) upload it to my WordPress,
d) write the code in the screenshot as an HTML element on a fresh post.

@anarchist912 I tried the exact code but when I click on the "encrypt" button it does nothing.

@arh You have to reference a key file that's on the same domain as your request comes from, that is, the one your WordPress runs on, because CORS is blocked, I guess.

@arh Did you upload your own key? Is the URL to the key correct in the shortcode parameter (keyurl)? Is there anything logged in the browser console, when you click on the button?

When I set it up, I had a wrong URL first. Nothing happened, but there was a console log, when clicking the button.

@arh
Look into #GpgME, perhaps?

If this is about mitigating a potentially hostile server (or a server that becomes controlled by an adversary), we are not sure what will stop it from serving #javascript that just reads from the textbox, though.

Have they considered #selfHosting over #I2P or Tor first?

@dsfgs No, it's about giving people the ability to encrypt their message on my website before sending an email message to me.

@arh
It still has the same issue though if hosted on a potentially compromised server.

@dsfgs I understand, but that issue can be everywhere. Nowhere on the internet is a safe place.

@arh
You could package the page up for #offlineUse. And ask the person to tell you the `shasum -a 256 <OF_THE_ZIP_FILE>`.

Then the only way it can be compromised is if their device is compromised.

@dsfgs Well, I'm planning that form so people can encrypt their messages without knowing anything about encryption. If I wanted to put them to so much trouble, I wouldn't implement such a form.

@arh There is one that I use for this exact purpose. It is called wp2pgpmail. I use it with some custom PHP code, but it works very well.

@alper I tested it but it says no valid PGP key was entered.

@arh Let me check my setup. It has been a while since I installed it. I do not update it, so that my custom code runs uninterrupted, so it may be a later-version problem. I will let you know.

@alper Thank you. And please give me your page so I can test the function.

@arh Client-side encryption using a server-side plugin?
ARH's Mastodon

Personal Mastodon instance of Ali Reza Hayati.