Motivation
SDA archives contain in addition to encoded data the necessary unpack
software at once, too. This is convenient because the receiver then
needs nothing further as his passphrase.
- With JavaScript this works independently of the computer system
(PC, workstation or Mac).
- Write or execute rights aren't necessary (internet cafe).
- The browser does everything.
This isn't a "public key method" with certificates etc. but
conventional symmetrical cryptography.
Example: Josch wants to have all his user data with passwords, customer
numbers, addresses or other related data as collection in one file
that can be accessed from anywhere. Normally these interesting data are
stored secure in a notebook at home.
Furthermore, confidential news reaches the intended receiver if he can
authorize himself with a certain knowledge.
Example: The company Z. in W. expects from its employee M. an urgent
decision. However, nobody knows whether or not M. collects his eMail.
Mr M. is on vacation on the Xy islands at the moment.
On his mobile phone he receives an SMS message with a web address and
the note: "Urgent!". Mr M. asks for being allowed to use the internet
terminal in the hotel's foyer. On the received web page he is requested
to enter the project number he has worked on last. The page is decoded
with that.
Advantages
- Plaintext is not transported nor saved anywhere in the web.
- The receiver needs neither a valid certificate nor any
crypto-software.
Contributors
This work was started by
Paul Johnston.
The JavaScript implementation of the MD5 algorithm also comes from him.
Thanks to
Mark Butler
who has provided a workaround which is needed for some older browsers
and for the Mac.
Demo
(Passphrase is: "Susie Oviatt")
Another example for a web page containing an
embedded SDA.
Create an SDA-Archive
With the tool on the following page everybody can produce his own
JavaScript-SDA archives. Therefore enter the plaintext and the desired
passphrase. The script then generates the complete HTML code.
Attention! Only pure 7-bit ASCII characters are allowed from security
reasons, that are neither mutated vowels nor special signs.
However, the plaintext can contain HTML code for example:
(Passphrase is: "Jennifer Lopez")
JavaScript may not write any files. Therefore one must juggle
with the right mouse button to "copy" and "paste" the text out of the
windows.
Name the generated file .htm or .html and upload it to the web server
or send it as attachment by eMail.
|
