home

A Quick Website for HSCrypt

HSCrypt got a new small website with examples
… an occasion to re-present this quick hack …

HSCrypt is a little POSIX shell script that transforms a blob of bytes (preferably an HTML document) and a pass-phrase, into a web page presenting the blob but PGP-encrypted, with some Javascript to decrypt it. The pass-phrase is input into a text-box or taken from the URL fragment (part of the URL not sent by browsers to web-servers).

The project started its life as “staticrypt-cli” and was recently renamed to hscrypt. Indeed, the idea was kinda stolen from robinmoisson/staticrypt where, at the time, the issue robinmoisson/staticrypt#97 was still just an issue (it seems there is an CLI implementation now).

The first version I hacked together was compatible with Staticrypt thanks to openssl but it wasn't scaling well (big JS strings), and (at the time) the implementation and maintenance status of crypt-js seemed very suspicious.

So I switched to OpenPGP.js (maintained by ProtonMail's team) and the script does the encryption with GnuPG. The encrypted version of the page nicely shows the armored blob and a password prompt. Having the armor means that if for some reason you don't want to input a password into a web-browser which is pulling Javascript from a website/CDN, you can just copy the blob and decrypt it in your favorite tool (with Emacs, just try epa-decrypt-region).

The new thing prompting this post is that hscrypt now has a little website built by the Gitlab CI using pandoc (MR !2):

With and without password.

One can use this to share web-pages with friends & proof-readers. For instance if one had been git-stalking me, they would have seen that hscrypt is used for the draft posts of this blog e.g. in the page seb.mondet.org/b/index-debug.html.

As always the project needs help → gitlab.com/smondet/hscrypt/-/issues.

After 8 years of blograstination, this is post #5 of my attempt at not getting too fast lagging behind on the #100DaysToOffload “challenge” … Let's see where this goes.