Generation of SDA archives
JavaScript cannot create or write any files, so you will have to produce them
"manually". This is quite simple. On Microsoft Windows, for example, follow
this approach:
- After clicking on "Create a JavaScript SDA", type your plaintext into the
  upper window or, better, first prepare the text with an Editor program and
  then "copy" and "insert" it into the plaintext window (right mouse button).
- Enter your passphrase, then push "Encode".
- Place cursor into the lower window, right mouse button, Mark all
- Right mouse button, Copy
  The generated html source code is in the Windows clipboard now.
- Start | Program Files | Accessories | Editor
- Right mouse button, Insert
- File | "Save as ..."
  Navigate to a suitable position on the disk, e.g. C:\
- Name the file e.g. "secret.htm" and save.
  (Extension must be htm or html!)
- Start | Program Files | Windows Explorer
- Look for the html file just stored, e.g. at C:\
- Double-click on "secret.htm"
  Internet Explorer pops up. Enter your passphrase and check the result.
- The file can be sent as an attachment to an e-mail.
Experience and security issues
Writing the plaintext as an html file seems to be a good choice, since all
layout possibilities can then be used. But consider that html files have a
regular beginning: they always start with <html> in some form. This can be
exploited in cryptanalysis.
Pure ASCII text, on the other hand, must not contain any umlauts or other
special characters. And, importantly, no html tags! Note that the browser will
interpret html tags even if they are inside a <pre> area. It is best to avoid
the angle bracket "<" completely.
The key assignment is the main problem, as usual. Coming up with a good question
that asks for knowledge shared with the receiver is not simple. For such
cases it is recommended to change the line
<input type=password name=passphrase size=50>
into
<input type=text name=passphrase size=50>
Experience shows that if only asterisks are echoed in the passphrase line,
people simply write everything in lower-case letters. However, "jennifer"
isn't "Jennifer".
The plaintext file shouldn't be longer than 10..15 kbytes. Otherwise
decoding takes too long and the receiver doesn't know what is going on: "Has
it crashed now or what?"
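The restrictions on the plaintext described in this section can be checked before encoding. The following is an added example, not code from the SDA page itself; the function name checkSdaPlaintext, its mode argument and the 15 KB limit are assumptions made for the illustration.

```javascript
// Added example, not part of the SDA tool: checks plaintext before encoding.
// MAX_BYTES is an assumption, the upper end of the "10..15 kbytes" above.
const MAX_BYTES = 15 * 1024;

// mode "html": the plaintext is an html document; mode "ascii": plain text.
function checkSdaPlaintext(text, mode) {
  const findings = [];
  const add = (rule, line, detail) => findings.push({ rule, line, detail });

  const bytes = new TextEncoder().encode(text).length;
  if (bytes > MAX_BYTES) {
    add("too-long", 0, `${bytes} bytes, decoding will be slow for the receiver`);
  }

  if (mode === "html") {
    // A fixed opening is known plaintext at a known position.
    const m = /^\s*<(!doctype\s+html|html)\b/i.exec(text);
    if (m) add("known-start", 1, `predictable opening "${m[0].trim()}"`);
    return findings;
  }

  text.split(/\r?\n/).forEach((content, i) => {
    const seen = new Set(); // report each offending character once per line
    for (const ch of content) {
      const cp = ch.codePointAt(0);
      if (seen.has(ch)) continue;
      seen.add(ch);
      if (ch === "<") {
        add("angle-bracket", i + 1, "browser may parse this as a tag");
      } else if (cp > 0x7e || (cp < 0x20 && cp !== 0x09)) {
        // Anything outside printable ASCII (tab allowed), e.g. umlauts.
        const hex = cp.toString(16).toUpperCase().padStart(4, "0");
        add("not-plain-ascii", i + 1, `U+${hex}`);
      }
    }
  });
  return findings;
}

// Constructed sample inputs.
const asciiSample = "Treffen um 10 Uhr\nGr\u00fc\u00dfe, <b>J.</b>\nif a < b then stop";
const htmlSample = "<html><body><h1>Report</h1></body></html>";

for (const f of checkSdaPlaintext(asciiSample, "ascii")) {
  console.log(`${f.rule} line ${f.line}: ${f.detail}`);
}
console.log(checkSdaPlaintext(htmlSample, "html"));
```

An empty result means the text passes all three checks; a "known-start" finding in html mode is a reminder of the analysis risk, not an error.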
Never use the same password (the same passphrase) repeatedly. If your SDA is
intended for secure communication with a partner rather than as an archive,
then you should integrate at least a sequence number or something similar
into your passphrase.