6

I'm trying to write a sample decryptor for GnuPG encrypted files in JavaScript using openpgp.js.

So I tried it naively without even asking if it is even possible. I made the following page.

popup.html

<!doctype html>
<!--
-->
<html>
<head>
    <title>Popup</title>
    <script src="openpgp.js"></script>
    <script src="popup.js"></script>
</head>
<body>
    <p>Upload message: </p><input id="message" type="file"/><br>

    <p>Upload secret key: </p><input id="secret" type="file"/><br>

    <p>Secret key password: </p><input id="password" type="password"/><br><br>
    <button id="decrypt">Decrypt</button>
    <p id="output"></p>

    <div id="loadingDiv"></div>
</body>
</html>

popup.js

var message = "";
var secret = "";


function readMessage (e) {
    var file = e.target.files[0];
    if (!file) {
        message = "";
    }
    var reader = new FileReader();
    reader.onload = function (e) {
        message = e.target.result;
    };
    reader.readAsText (file);
}


function readSecret (e) {
    var file = e.target.files[0];
    if (!file) {
        secret = "";
    }
    var reader = new FileReader();
    reader.onload = function (e) {
        secret = e.target.result;
    };
    reader.readAsText (file);
}




function loadScript(url, callback)
{
    var head = document.getElementsByTagName ("head")[0];
    var script = document.createElement ("script");
    script.type = "text/javascript";
    script.src = url;

    script.onreadystatechange = callback;
    script.onload = callback;

    head.appendChild(script);
}


document.addEventListener ("DOMContentLoaded", function() {
    document.getElementById ("message").addEventListener("change", readMessage, false);
    document.getElementById ("secret").addEventListener("change", readSecret, false);
    var gen = function() {
        document.getElementById ("decrypt").addEventListener ("click", function() {
            var output = document.getElementById ("output");
            output.style.color = "black";
            if (document.getElementById ("message").value == "") {
                output.innerHTML = "No message provided";
                output.style.color = "red";
            }
            else if (document.getElementById ("secret").value == "") {
                output.innerHTML = "No secret key provided";
                output.style.color = "red";
            }
            else if (document.getElementById ("password").value == "") {
                output.innerHTML = "No password for secret key provided";
                output.style.color = "red";
            }
            else {
                var privateKey = openpgp.key.readArmored (secret).keys[0];
                var isCorrect = privateKey.decrypt (document.getElementById ("password").value);
                if (isCorrect) {
                    output.innerHTML = "";
                    output.style.color = "black";
                    var img = document.createElement ("img");
                    img.src = "loading.gif";
                    img.id = "loading";
                    document.getElementById ("loadingDiv").appendChild (img);
                    message = openpgp.message.readArmored (message);
                    openpgp.decryptMessage (privateKey, message).then (function (plaintext) {
                        output.innerHTML = plaintext;
                    }).catch (function(error) {
                        output.innerHTML = "Error while decrypting";
                        output.style.color = "red";
                    });
                }
                else {
                    output.innerHTML = "Incorrect password";
                    output.style.color = "red";
                }
            }
        });
    }
    loadScript ("openpgp.js", gen);
});

openpgp.js gives an Unknown ASCII armor type error on message = openpgp.message.readArmored (message);.

So is it possible? If it is, should I do something different?

Jens Erat
  • 37,523
  • 16
  • 80
  • 96
Kudayar Pirimbaev
  • 1,292
  • 2
  • 21
  • 42
  • 1
    Please be more specific on _where exactly_ (which line) the error message occurs. A guess: you try to load binary information as encoded with ASCII-armoring. – Jens Erat Nov 13 '15 at 08:51
  • @JensErat sorry, when i'm trying to open a message (edited the question), also, can you elaborate on your guess, i didn't quite understood it – Kudayar Pirimbaev Nov 13 '15 at 09:17
  • 1
    There are two "encodings" in the OpenPGP standard, the more (space) efficient binary encoding and ASCII-armoring (similar to base64). If your message starts with something like `-----BEGIN PGP MESSAGE-----`, you're using ASCII armoring. I _guess_ `readArmored` will only read ASCII armored messages. – Jens Erat Nov 13 '15 at 09:20
  • yes, it is binary encoded, you're right. i tried to cast bytes to message (`message.fromBinary (bytes)`), yet message then is not decrypted (`Parameter "utf8" is not of type string`) – Kudayar Pirimbaev Nov 13 '15 at 09:27
  • @JensErat can i convert binary encoded to ascii armored inside js then? – Kudayar Pirimbaev Nov 13 '15 at 10:04

2 Answers2

1

OpenPGP knows to encodings of messages,

  • binary messages, which are more space-efficient and
  • ASCII-armored messages encoded in a format similar to base64, providing higher reliability when transmitted through different channels as being plain text.

openpgp.message.readArmored (message) only understands ASCII-armored information. use openpgp.message.fromBinary (message) instead. As an alternative, encode the message through GnuPG using the --armor option while encrypting, or gpg --enarmor an already encrypted binary message.

Jens Erat
  • 37,523
  • 16
  • 80
  • 96
  • i changed to `message = openpgp.message.fromBinary (message)`, message then is not decrypted `(Parameter "utf8" is not of type string)` – Kudayar Pirimbaev Nov 13 '15 at 10:32
  • I'm sorry I don't know JavaScript well enough to understand what problems might occur when dealing with binary information. I'd guess you're safer limiting to ASCII-armored messages when using web technology. – Jens Erat Nov 13 '15 at 10:35
  • even then, library does decrypt text files correctly, but it doesn't do it properly on images – Kudayar Pirimbaev Nov 13 '15 at 11:38
0

With Openpgpjs version 3.x, I found that a private key object has to be created and used with the publicKey and message in the options variable. The private key object is created with the private key. First create the private key object, then decrypt it with your "secret" phrase, and then decrypt the message.

Here's an example using your variables.

 privKeyObj.decrypt(secret).then(function(oBoolean) {
      //Name oBoolean anything you want.
      //It will be true or false indicating
      //whether the secret phrase is right.
      if(!oBoolean) {
           output.innerHTML = "Incorrect password.";
           output.style.color = "red";
      } 
      else {
           var privateKey = "your openpgpjs private key created with your secret phrase";
           var privKeyObj = openpgp.key.readArmored(privateKey).keys[0];
           var options = {
                message: openpgp.message.readArmored(message),
                publicKeys: openpgp.key.readArmored(publickey).keys,
                privateKeys: [privKeyObj]
           };
           openpgp.decrypt(options).then(function(plaintext) {
                output.innerHTML = plaintext.data;
           }, function(error) {
                output.innerHTML = "Error while decrypting";
                output.style.color = "red";
           });
      }
 });
T.CK
  • 411
  • 4
  • 6