Skip to content
/ gpg-mail-form Public

A javascript module which transparently encrypts mail forms before submission

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mvonmaltitz/gpg-mail-form

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
assets
assets
 
 
js
js
 
 
public
public
 
 
scss
scss
 
 
views
views
 
 
Gemfile
Gemfile
 
 
Gemfile.lock
Gemfile.lock
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
app.rb
app.rb
 
 
app_routes.rb
app_routes.rb
 
 
assets.rb
assets.rb
 
 
bower.json
bower.json
 
 
config.rb
config.rb
 
 
config.ru
config.ru
 
 
humans.txt
humans.txt
 
 
robots.txt
robots.txt
 
 

Repository files navigation

gpg-mail-form

A javascript module which transparently encrypts mail forms before submission.

##USE CASE Normally contact forms on webpages POST the form data to the server, which in turn transforms them into a mail which is afterwards sent to an address you have specified before. The data is processed in clear text on the server and also sent as such via e-mail. Wouldn't it be nice, if you could encrypt the information even before POSTing so that only the sender and you are aware of the content? This script transparently hooks into the submit action of a form, encrypts the fields you have specified with a given GPG key and POSTs the result to the server.

Please note: Due to the encryption, the user should not receive a copy of the mail sent, as she is not able to decrypt ist.

USAGE

Isolated field encryption

Given a form

<form action='/post_form' data-encrypted-form method='post'>
  <label for='name'>Name</label>
  <input id='name' name='name' value='John Doe'>
  <label for='email'>e-Mail-Address</label>
  <input id='email' name='email' value='[email protected]'>
  <label for='body'>Content</label>
  <textarea data-encrypt id='body' name='body'></textarea>
  <input type='submit'>
</form>

gpg-mail-form will intercept the submit, encrypt the #body-field and send the the manipulated form data to /post_form.

Group field encryption

Given the form

<form action='/post_form' data-encrypted-form method='post'>
  <label for='name'>Name</label>
  <input data-encrypt-source id='name' name='name' value='John Doe'>
  <label for='email'>e-Mail-Address</label>
  <input data-encrypt-source id='email' name='email' value='[email protected]'>
  <label for='body'>Body</label>
  <textarea data-encrypt-source data-encrypt-target id='body' name='body'></textarea>
  <input type='submit'>
</form>

gpg-mail-form will collect all input annotated with data-encrypt-source, group them into one message and fill the data-encrypt-target with its encrypted representation.

##INSTALLATION The repository represents an example project. It's a sinatra web app which demonstrates the described use cases on individual pages.

To incorporate gpg-mail-form in your own site, you only need the files js/gpg_form_encryptor.coffee and assets/kbpgp/kbpgp.js as dependency. Have a look at js/setup.coffee to see how to configure and invoke the GPGFormEncryptor.

##TODOs

  • Provide sensible setup method to provide GPG public key. Currently the key is hardcoded in the script.
  • Make configuration of forms possible of which the html cannot be changed directly (e.g. form autocreation of CMS)

About

A javascript module which transparently encrypts mail forms before submission

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages