A Quick Website for HSCrypt
… an occasion to re-present this quick hack …
HSCrypt is a little POSIX shell script that transforms a blob of bytes (preferably an HTML document) and a pass-phrase, into a web page presenting the blob but PGP-encrypted, with some Javascript to decrypt it. The pass-phrase is input into a text-box or taken from the URL fragment (part of the URL not sent by browsers to web-servers).
The project started its life as “staticrypt-cli” and was recently renamed to
hscrypt. Indeed, the idea was kinda
stolen from
robinmoisson/staticrypt where,
at the time, the issue
robinmoisson/staticrypt#97
was still just an issue (it seems there is an CLI implementation now).
The first version I hacked together was compatible with Staticrypt thanks to
openssl but it
wasn't scaling well (big JS strings), and (at the time) the implementation and
maintenance status of crypt-js seemed
very suspicious.
So I switched to OpenPGP.js (maintained by
ProtonMail's team)
and the script does the encryption with GnuPG. The
encrypted version of the page nicely shows the armored blob and a password
prompt. Having the armor means that if for some reason you don't want to input
a password into a web-browser which is pulling Javascript from a website/CDN,
you can just copy the blob and decrypt it in your favorite tool (with Emacs,
just try epa-decrypt-region).
The new thing prompting this post is that hscrypt now has a little website
built by the Gitlab CI using pandoc
(MR !2):
smondet.gitlab.io/hscrypt, with- an example encrypted page:
smondet.gitlab.io/hscrypt/hscrypt-test.htmlwhich one can compare to - the decryption result:
smondet.gitlab.io/hscrypt/hscrypt-test.html#test-pass-phrase.
One can use this to share web-pages with friends & proof-readers. For instance
if one had been
git-stalking
me, they would have seen that hscrypt is used for the draft posts of this blog
e.g. in the page
seb.mondet.org/b/index-debug.html.
As always the project needs help →
gitlab.com/smondet/hscrypt/-/issues.
After 8 years of blograstination, this is post #5 of my attempt at not getting too fast lagging behind on the #100DaysToOffload “challenge” … Let's see where this goes.