SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests - Progress Page
As of 7th November, 2007, mod_openpgp, the Server-side Enigform component for Apache, supports OpenPGP-Encrypted HTTP Request Decryption. This means an HTTP client can send an encrypted HTTP request, using the Server's public key, and it will be decrypted and correctly served by the server.
This is a HUGE feature bump, of roughly 1200 lines of C code.
It's much more of what I expected to implement for the OWASP SPOC duration, so I'll be applying for the 2nd half of my funding now.
Also, I've implemented most of the Secure Session Initiation Protocol, but problems with some Apache DB APIs are slowing this much more than I expected. I hope to work out all the issues, or I'll have to release a simplified version. I just hope the Decryption support is enough to apply for the 2nd half of funding.
Older Status Reports
As of 9th July, 2007, Enigform has been enhanced with remote site OpenPGP discovery, Public Key Import. Kyle Huff has joined the development team, and the Session Protocol has been proposed. Regarding Encryption, mod_openpgp supports encrypted http requests, but Enigform support for this is in research stage.Microsoft support will be last stage, once Enigform 1.0 and mod_openpgp 1.0 are released.
- Enigform Development Site
- Addons.Mozilla.Org - Stable Releases Installation Page
- Enigform Freshmeat Page
- Official Enigform Forum