PGP / GnuPG / OpenPGP Message Encryption in JavaScript

© Herbert Hanewinkel


updated 17.Jan.2011

Why encryption in Javascript?

For securing web forms with public key encryption.

Public key encryption in Javascript encrypts form data at the client side for the whole transfer from sender to the final receiver. Form data can be transferred without using an SSL connection and is stored encrypted on the server. Only the final receiver can decrypt it.

How to integrate it with existing PKI?

There are other pages about encryption in Javascript. All these pages demonstrate how encryption/decryption could be done in Javascript.

How to secure form data without any "special" processing software for decryption using standard keys sizes (>= 1024 bits)?
My provider offers a CGI program to forward form data as mail, a solution that is offered by most providers.
The idea:

Encryption could be done automatically and hidden before transmission.
Decryption is done automatically by a GnuPG mail plugin for your favorite mail client.

The OpenPGP message format is described in RFC 2440 / RFC 4880 and implemented in the GnuPG software. PGP message encryption is based on symmetric encryption of a message using a random session key and public key encryption of the session key.

Today's mail encryption standards recommend to use MIME for marking encrypted contents, but the "old" ASCII armored inline message format of PGP is well suited for encryption of form data in Javascript.

OpenPGP supports RSA as one of the public key encryption algorithms. John Hanna implemented a RSA/RC4 encryption scheme in Javascript for a client based Webshop. RC4 was choosen by John Hanna for symmetric encryption because RC4 is fast and small in code size. But RC4 is not supported by OpenPGP. For symmetric encryption of a message one of the OpenPGP supported algorithms was needed. I used Fritz Schneider's AES (Rijndael) reference implementation as a first choice, but the performance was very poor compared to RC4. Porting the optimized GnuPG C implementation of AES to Javascript improved the situation.

My solution: OpenPGP Message Encryption in Javascript

My contact form offers encryption for sending me confidental messages. It is coded to use my PGP 1024 bit RSA public key.

My PGP Encryption Service enables you to PGP/GPG encrypt a message for a receiver as a web based service. It is implemented in Javascript code only, executed in your local browser and readable for verification.

The Javascript Sources:

Additional routines:


Many people ask me about decryption in Javascript. I don't think that it could be really useful to do decryption in Javascript, because it requires the secret key and I would never paste my secret key in a web form.

The packet decoder could be used as a starting point and extended for decrypting PGP encrypted messages:

Secret keys are stored by GPG by default CAST-128 encrypted.

How the algorithms work:

There are other pages about the mathematical background of public key encryption and AES. The two links below don't give a description of RSA, Elgamal or AES algorithm itself, but they show how the two encryption parts of the Javascript implementation work. My OpenPGP message encryption is based on these Javascript routines:

Is it secure?

The software encrypts form data at the client before transmission using strong public key encryption. An encrypted message is secured at the level provided by an RSA or Elgamal 1024 bit key, e.g. decryption of a single message will need a few month.
Javascript code and public key of the receiver are transferred unencrypted from server to client and therefore could be modified on the fly by a third person. A person getting access to your server can modify Javascript code and public key of the receiver.

References & Links:

There are many links about encryption and Javascript. Links explaining and demonstrating RSA public key encryption using small numbers, ... Here a few links that I found useful for implementing my solution.


If you have questions regarding the software, send me a mail.
Please note that I can not answer requests about encryption in general. Home