Browser extension eliminates private key management

Jul 4, 2014 13:23 GMT

A simple solution that delivers strong encryption may soon become available from Cryptocat developer Nadim Kobeissi, as an extension for the Google Chrome web browser.

The name of the soon-to-be-released browser add-on is miniLock, and according to Wired, it offers an area where files can be dropped for encryption. It works with any type of file, from multimedia to documents, even if the files originate from removable storage devices.

It relies on asymmetric encryption, just like PGP (Pretty Good Privacy), which requires two separate keys, public and private, for locking and unlocking the information. The data is encrypted with the public key (called miniLock ID) and can only be decrypted with a matching private one.

In theory, this type of protection cannot be descrambled even by law enforcement agencies, making it one of the most secure types of encryption.

Wired says that users have to provide a strong password, “with as many as 30 characters or a lot of symbols and numbers,” from which miniLock derives the public and private keys.

Entering the same password always regenerates the same key pair, which makes the application usable on any computer. As soon as the add-on is closed, the information is deleted from the system.

Automatic management of the key-pair is exactly what makes miniLock easy to use and suitable for the average user who seeks a simple way to protect information when sending it over the web.

“No logins, and no private keys to manage. Both are eliminated. […] Users can have their identity for sending and receiving files on any computer that has miniLock installed, without needing to have an account like a web service does, and without needing to manage key files like PGP,” Wired was told by Kobeissi.

Because miniLock uses elliptic curve cryptography, the miniLock ID is 44 characters long, while in the case of PGP the public key can reach almost a page of random text. Due to its small size, sharing can be done through an extremely wide range of communication channels, such as a Twitter post or even a mobile text message.
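The deterministic derivation and the short ID described above, sketched as an added example that is not miniLock's code. The article does not name the key-derivation function, the curve or the ID encoding, so scrypt, Curve25519 (X25519) and Base64 are assumptions here, and the salt and passphrase are constructed values.

```python
import base64
import hashlib

P = 2**255 - 19   # Curve25519 field prime
A24 = 121665      # curve constant from RFC 7748


def x25519_base(scalar: bytes) -> bytes:
    """Public key = scalar * base point (u = 9). Teaching code, not constant-time."""
    k = int.from_bytes(scalar, "little")
    k = (k & ~7 & ((1 << 255) - 1)) | (1 << 254)   # RFC 7748 clamping
    x1, x2, z2, x3, z3, swap = 9, 1, 0, 9, 1, 0
    for t in reversed(range(255)):                 # Montgomery ladder
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def derive_keypair(passphrase: str, salt: bytes):
    """Stretch the passphrase into a 32-byte secret, then compute its public key."""
    secret = hashlib.scrypt(passphrase.encode("utf-8"), salt=salt,
                            n=2**14, r=8, p=1, maxmem=64 * 2**20, dklen=32)
    return secret, x25519_base(secret)


def public_id(public_key: bytes) -> str:
    """Base64 of a 32-byte public key is exactly 44 characters."""
    return base64.b64encode(public_key).decode("ascii")


SALT = b"example-salt"                                     # constructed value
PASSPHRASE = "a long constructed example passphrase 2014"  # constructed value

if __name__ == "__main__":
    _, pub_first = derive_keypair(PASSPHRASE, SALT)
    _, pub_again = derive_keypair(PASSPHRASE, SALT)   # e.g. on another computer
    print(public_id(pub_first), len(public_id(pub_first)))
    print("same key pair regenerated:", pub_first == pub_again)
```

Because the key pair is a pure function of the passphrase, anyone who guesses the passphrase holds the private key, which is why the length requirement carries the whole security of the scheme.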

Kobeissi has prepared all the technical details and will present them at the HOPE conference in New York, starting July 18.

The encryption tool he proposes is currently in an experimental stage of development, but a beta is to be presented at the New York conference. The code will be available for review on GitHub in order to make sure that flaws are eliminated before the tool is published in the Chrome Web Store.