That's what I need -- gpg/pgp browser plug-in. Is the gpg/pgp browser plugin exist? Or do I need to cook it up my own? Thanks.
Wooi. > hrrm... didn't get through the first time... > > consider the possibility of having a custom made browser plugin, which > manages the private key, and decrypts the passwords on the user's > computer only, thus securing the passwords even further (there is no > decrypted or session-key encrypted copy being transferred) > > i'm sure that connectivity with a browser plugin and PGP/GPG would be > very well received as a general plugin aswell, allowing HTML content > integration into HTML, kind of like a javascript document.write, but > via public key encryption. > > > > consider the following > > <html> > <head> > <title>foo</title> > <body> > text > lala > bar > <DEFANGED_embed src='URI' type=PGP> <!-- i forgot how to declare > embeds, please excuse --> > > <!-- > In here encrypted data will be received from the server, and decrypted, > then integrated into the document as more html code > --> > > </embed> > </body> > </html> > > > the document being interpreted/rendered could be > > ...<body> > text > lala > bar > your password is "foo" > > </body> > <html> > > > > > > this might be worth something. > > > > > At 21:53 08/04/02, Wooi Koay said the following: > >>Hi, >> >>I would like to write a web app that stores a list of passwords >>securely. The reason why it has to be a web app is because I want to >>access the site using blackberry (rim handheld). >> >>My idea is to decrypt the password list using a public key, and when a >>valid user logs in, the password list are decrypted using the user's >>private key. If another user accidentally access the password list of >>different people, he still can't read the password list because he >>doesn't have the matched private key. The problem that I can see is >>that the webserver somehow need to have access to the public/private >>key pair. If the webserver is compromised, the passwords could >>potentially be read. Any thought on that? >> >>TIA, wooi. >> >> > > > > > > Yuval Kojman > [EMAIL PROTECTED] > > pgp public key ID: 0xB2EA86B4
