Secrecy is for the royals, privacy is for the poor. It is time to change that. In this session I would like to talk about Protected Content (machine name proc), a contributed module that combines OpenPGPjs and Drupal and allows the use of asymmetric cryptography in a zero-knowledge proof scheme where only the recipients are able to access their content, thereby excluding even the site owner or the sysadmin from eavesdropping on users' content.
This project started in 2019. The requirement was to avoid the possibility of content leakage. The solution is well known and its technological feasibility was certain: Pretty Good Privacy had long since become OpenPGP, and OpenPGPjs was out in the wild and fertile terrain of open source, allowing end-to-end encryption to be implemented in a simple web browser. Why, then, was it not widespread?
One of the reasons for its lack of popularity lies in the problem of key distribution. Users frequently want the best of all worlds, and carrying a private key here and there is something they are not usually willing to do. To overcome that, Protected Content applies a hybrid approach: asymmetric encryption of the content and symmetric encryption of the private key. This is equivalent to shortening the private key to a reasonable size, that is, a password. The longer this password is, the harder it is to brute-force. And yet it is a fully zero-knowledge proof scheme that can be broken only by a sysadmin who is also willing to brute-force users' encryption passwords.
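The hybrid approach described above, as an added sketch that is not the module's own code: Node's built-in crypto module stands in for OpenPGPjs, and the function names, password and sample content are constructed for illustration.

```javascript
// Added illustration, not Protected Content's code. Node's crypto replaces
// OpenPGPjs here; every name and sample value below is constructed.
const crypto = require("node:crypto");

// Registration (user side): create a key pair and encrypt the private key
// symmetrically under the user's password. Only this output is stored.
function register(password) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem",
                          cipher: "aes-256-cbc", passphrase: password },
  });
  return { publicKey, wrappedPrivateKey: privateKey };
}

// Author side: encrypt the content with a fresh AES-256-GCM key, then
// encrypt that key to the recipient's public key (asymmetric step).
function protect(publicKey, text) {
  const key = crypto.randomBytes(32), iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([c.update(text, "utf8"), c.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, oaepHash: "sha256" }, key);
  return { iv, body, tag: c.getAuthTag(), wrappedKey };
}

// Recipient side: the password unlocks the private key, which recovers the
// content key. A wrong password makes privateDecrypt throw.
function reveal(wrappedPrivateKey, password, msg) {
  const key = crypto.privateDecrypt(
    { key: wrappedPrivateKey, passphrase: password, oaepHash: "sha256" }, msg.wrappedKey);
  const d = crypto.createDecipheriv("aes-256-gcm", key, msg.iv);
  d.setAuthTag(msg.tag);
  return Buffer.concat([d.update(msg.body), d.final()]).toString("utf8");
}

// The server (and its sysadmin) holds `user` and `stored`, never the password.
function demo() {
  const password = "correct horse battery staple"; // constructed sample
  const user = register(password);
  const stored = protect(user.publicKey, "meeting notes"); // constructed sample
  let guessFailed = false;
  try { reveal(user.wrappedPrivateKey, "letmein", stored); } catch { guessFailed = true; }
  return { plaintext: reveal(user.wrappedPrivateKey, password, stored), guessFailed,
           serverSeesPlaintext: stored.body.includes("meeting notes") };
}
```

Everything the server stores is useless without the password, so the strength of the password and of the key derivation applied to it sets the cost of the brute-force attack mentioned above.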
Come to the session for a demonstration of the module.