October 30th, 2003
Self Decrypting Archive

Create a JavaScript SDA deutsch  englisch

Motivation

SDA archives contain in addition to encoded data the necessary unpack software at once, too. This is convenient because the receiver then needs nothing further as his passphrase.

  • With JavaScript this works independently of the computer system (PC, workstation or Mac).
  • Write or execute rights aren't necessary (internet cafe).
  • The browser does everything.

This isn't a "public key method" with certificates etc. but conventional symmetrical cryptography.

Example: Josch wants to have all his user data with passwords, customer numbers, addresses or other related data as collection in one file that can be accessed from anywhere. Normally these interesting data are stored secure in a notebook at home.

Furthermore, confidential news reaches the intended receiver if he can authorize himself with a certain knowledge.

Example: The company Z. in W. expects from its employee M. an urgent decision. However, nobody knows whether or not M. collects his eMail. Mr M. is on vacation on the Xy islands at the moment.
On his mobile phone he receives an SMS message with a web address and the note: "Urgent!". Mr M. asks for being allowed to use the internet terminal in the hotel's foyer. On the received web page he is requested to enter the project number he has worked on last. The page is decoded with that.

Advantages

  • Plaintext is not transported nor saved anywhere in the web.
  • The receiver needs neither a valid certificate nor any crypto-software.

Contributors

This work was started by Paul Johnston. The JavaScript implementation of the MD5 algorithm also comes from him.
Thanks to Mark Butler who has provided a workaround which is needed for some older browsers and for the Mac.

Demo

(Passphrase is: "Susie Oviatt")

Enter the passphrase:

Another example for a web page containing an embedded SDA.

Create an SDA-Archive

With the tool on the following page everybody can produce his own JavaScript-SDA archives. Therefor enter the plaintext and the desired passphrase. The script then generates the complete HTML code.

Attention! Only pure 7-bit ASCII characters are allowed from security reasons, that are neither mutated vowels nor special signs.

However, the plaintext can contain HTML code for example:

(Passphrase is: "Jennifer Lopez")

Enter the passphrase:

JavaScript may not write any files. Therefore one must juggle with the right mouse button to "copy" and "paste" the text out of the windows.

Name the generated file .htm or .html and upload it to the web server or send it as attachment by eMail.

Create a JavaScript SDA