On Mon, 23 Sep 2013 17:59:23 -0400 Roger Dingledine arma@mit.edu wrote:
On Mon, Sep 23, 2013 at 05:45:36PM -0400, Sukhbir Singh wrote:
I am starting to work on a small GUI tool for file verification because I find guiding users through the verification process on Windows/Mac through the command line painful.
Just a thought: have you considered doing this through a Firefox extension instead?
It does seem like a Firefox extension is a better alternative. The "here's an executable you just fetched from the Internet, please run it" model is likely bad news, and also isn't the right habit to be teaching users.
If you go the browser extension route, there is a now defunct Firefox add-on called FireGPG that implemented GnuPG in the web browser. This add-on was discontinued in 2010 and it's primary focus was encrypting and decrypting gmail messages. However, the software was open source and the code is still available. If you decide to implement this project as a browser extension, you might want to see if there are any usable parts you can salvage from that rubble (there might not be). http://getfiregpg.org/s/home
On 09/24/2013 05:42 AM, Matt Pagan wrote:
On Mon, Sep 23, 2013 at 05:45:36PM -0400, Sukhbir Singh wrote:
I am starting to work on a small GUI tool for file verification
If you go the browser extension route, there is a now defunct Firefox add-on called FireGPG that implemented GnuPG in the web browser.
One of the successor projects is WebPG, https://webpg.org/ . There's also Mailvelope, http://www.mailvelope.com/ . I believe both are using OpenPGP.JS, http://openpgpjs.org/ .
Matt Pagan:
If you go the browser extension route, there is a now defunct Firefox add-on called FireGPG that implemented GnuPG in the web browser. This add-on was discontinued in 2010 and it's primary focus was encrypting and decrypting gmail messages. […]
I'd like to remember everyone that it was probably discontinued because in the end it turned to be a terrible idea. Tails wrote a statement about it: https://tails.boum.org/doc/encryption_and_privacy/FireGPG_susceptible_to_devastating_attacks/
Although an extension whose sole purpose would be to verify GnuPG signatures would not have the problem and seems like a good idea. At least, shipping it through addons.mozilla.org give the user some basic trust path.