NEWS: Encryption of HTTP using OpenPGP
As you probably already know if you are a visitor of this blog, I'm working on Enigform and mod_auth_openpgp. And you probably know that I'm currently working on GnuPG-encrypted HTTP requests (unreleased draft named "OpenPGP Extensions to the HTTP Protocol").
Now, Enigform is a Mozilla add-on, and it was great to implement signed requests, which are nothing more than some extra HTTP request headers with special values obtained from calling GnuPG, which are then verified by a simple post_read_request hook in the Apache module (mod_auth_openpgp, to be renamed mod_openpgp once I submit it to the ASF). Simple.
BUT encryption is a whole different thing. If you take a look at what the proposed format for an encrypted request looks like, you'll see that the request needs to be decrypted, and then the same request replaced with the result of the decryption process, and THAT new, cleartext request is the one Apache should handle. Quite complicated, so I had to write an input filter (more details at http://foros.buanzo.com.ar/viewtopic.php?f=37&t=239&p=1061#p1061).
Now, the problem is the browser. For the time being, I'll use some code borrowed from Eric Jung's EXCELLENT FoxyProxy extension to call a proxy (one I'm writing that will implement the actual encryption and probably signing as well, and move all the gpg code outside Enigform), until Mozilla provides an input/output filter mechanism.
posted by Arturo 'Buanzo' Busleiman @ 5:38 AM