diff --git a/assets/scripts.js b/assets/scripts.js index 82f3b89..53efa0e 100644 --- a/assets/scripts.js +++ b/assets/scripts.js @@ -98,13 +98,13 @@ async function verifySignature(opts) { async function encryptMessage(opts) { // Init - const elEnc = document.body.querySelector("#messageEncrypted"); + const elEnc = document.body.querySelector("#message"); const elRes = document.body.querySelector("#result"); + const elBtn = document.body.querySelector("[name='submit']"); let keyData, feedback, message, encrypted; // Reset feedback elRes.innerHTML = ""; - elEnc.value = ""; try { // Get key data @@ -130,6 +130,8 @@ async function encryptMessage(opts) { // Display encrypted data elEnc.value = encrypted.data; + elEnc.toggleAttribute("readonly"); + elBtn.setAttribute("disabled", "true"); }; async function verifyProofs(opts) { @@ -151,6 +153,9 @@ async function verifyProofs(opts) { return; } + // Display feedback + elRes.innerHTML = "Verifying proofs…"; + let notation, isVerified, verifications = []; for (var i = 0; i < keyData.notations.length; i++) { notation = keyData.notations[i]; @@ -487,6 +492,15 @@ async function fetchKeys(opts) { sigContent: null }; + // Autodetect mode + if (opts.mode == "auto") { + if (/.*@.*\..*/.test(opts.input)) { + opts.mode = "wkd"; + } else { + opts.mode = "hkp"; + } + } + // Fetch keys depending on the input mode switch (opts.mode) { case "plaintext": @@ -598,8 +612,20 @@ let elFormVerify = document.body.querySelector("#form-verify"), elFormProofs = document.body.querySelector("#form-proofs"), elProfileUid = document.body.querySelector("#profileUid"), elProfileMode = document.body.querySelector("#profileMode"), + elModeSelect = document.body.querySelector("#modeSelect"), elUtilWKD = document.body.querySelector("#form-util-wkd"); +if (elModeSelect) { + elModeSelect.onchange = function (evt) { + let elAllModes = document.body.querySelectorAll('.modes'); + elAllModes.forEach(function(el) { + el.classList.remove('modes--visible'); + }); + document.body.querySelector(`.modes--${elModeSelect.value}`).classList.add('modes--visible'); + } + elModeSelect.dispatchEvent(new Event("change")); +} + if (elFormVerify) { elFormVerify.onsubmit = function (evt) { evt.preventDefault(); @@ -612,20 +638,33 @@ if (elFormVerify) { }; opts.signature = document.body.querySelector("#signature").value; + opts.mode = document.body.querySelector("#modeSelect").value; - if (document.body.querySelector("#publicKey").value != "") { - opts.input = document.body.querySelector("#publicKey").value; - opts.mode = "plaintext"; - } else if (document.body.querySelector("#wkd").value != "") { - opts.input = document.body.querySelector("#wkd").value; - opts.mode = "wkd"; - } else if (document.body.querySelector("#hkp_input").value != "") { - opts.input = document.body.querySelector("#hkp_input").value; - opts.server = document.body.querySelector("#hkp_server").value; - opts.mode = "hkp"; - } else { + switch (opts.mode) { + default: + case "auto": + opts.input = document.body.querySelector("#auto_input").value; + break; + + case "wkd": + opts.input = document.body.querySelector("#wkd_input").value; + break; + + case "hkp": + opts.input = document.body.querySelector("#hkp_input").value; + opts.server = document.body.querySelector("#hkp_server").value; + break; + + case "plaintext": + opts.input = document.body.querySelector("#plaintext_input").value; + break; + } + + // If no input was detect + if (!opts.input) { opts.mode = "signature"; } + verifySignature(opts); }; } @@ -642,20 +681,28 @@ if (elFormEncrypt) { }; opts.message = document.body.querySelector("#message").value; + opts.mode = document.body.querySelector("#modeSelect").value; - if (document.body.querySelector("#publicKey").value != "") { - opts.input = document.body.querySelector("#publicKey").value; - opts.mode = "plaintext"; - } else if (document.body.querySelector("#wkd").value != "") { - opts.input = document.body.querySelector("#wkd").value; - opts.mode = "wkd"; - } else if (document.body.querySelector("#hkp_input").value != "") { - opts.input = document.body.querySelector("#hkp_input").value; - opts.server = document.body.querySelector("#hkp_server").value; - opts.mode = "hkp"; - } else { - opts.mode = "signature"; + switch (opts.mode) { + default: + case "auto": + opts.input = document.body.querySelector("#auto_input").value; + break; + + case "wkd": + opts.input = document.body.querySelector("#wkd_input").value; + break; + + case "hkp": + opts.input = document.body.querySelector("#hkp_input").value; + opts.server = document.body.querySelector("#hkp_server").value; + break; + + case "plaintext": + opts.input = document.body.querySelector("#plaintext_input").value; + break; } + encryptMessage(opts); }; } @@ -670,19 +717,28 @@ if (elFormProofs) { server: null, }; - if (document.body.querySelector("#publicKey").value != "") { - opts.input = document.body.querySelector("#publicKey").value; - opts.mode = "plaintext"; - } else if (document.body.querySelector("#wkd").value != "") { - opts.input = document.body.querySelector("#wkd").value; - opts.mode = "wkd"; - } else if (document.body.querySelector("#hkp_input").value != "") { - opts.input = document.body.querySelector("#hkp_input").value; - opts.server = document.body.querySelector("#hkp_server").value; - opts.mode = "hkp"; - } else { - opts.mode = null; + opts.mode = document.body.querySelector("#modeSelect").value; + + switch (opts.mode) { + default: + case "auto": + opts.input = document.body.querySelector("#auto_input").value; + break; + + case "wkd": + opts.input = document.body.querySelector("#wkd_input").value; + break; + + case "hkp": + opts.input = document.body.querySelector("#hkp_input").value; + opts.server = document.body.querySelector("#hkp_server").value; + break; + + case "plaintext": + opts.input = document.body.querySelector("#plaintext_input").value; + break; } + verifyProofs(opts); }; } diff --git a/assets/styles.css b/assets/styles.css index c1450f3..449187d 100644 --- a/assets/styles.css +++ b/assets/styles.css @@ -96,6 +96,11 @@ input[type="radio"] { input[type="submit"] { width: 100%; } +input[type="submit"][disabled="true"] { + cursor: default; + pointer-events: none; + opacity: 0.3; +} .green { color: green; } @@ -106,6 +111,15 @@ input[type="submit"] { display: inline-block; margin: 0 0 8px; } +.modesContainer { + margin-top: 16px; +} +.modes { + display: none; +} +.modes.modes--visible { + display: block; +} .container--profile { margin-top: 64px; diff --git a/index.php b/index.php index cd92b82..6df7b7e 100644 --- a/index.php +++ b/index.php @@ -7,10 +7,14 @@ include_once 'server/functions.php'; // Init router $router = new AltoRouter(); +// Init templating +$templates = new League\Plates\Engine('views'); + // Router mapping $router->map('GET', '/', function() {}, 'index'); $router->map('GET', '/guides', function() {}, 'guides'); $router->map('GET', '/guides/[:id]', function() {}, 'guideId'); +$router->map('GET', '/util/[:id]', function() {}, 'util'); $router->map('GET', '/faq', function() {}, 'faq'); $router->map('GET', '/verify', function() {}, 'verify'); $router->map('GET', '/encrypt', function() {}, 'encrypt'); @@ -21,12 +25,11 @@ $router->map('GET', '/proofs/hkp/[**:uid]', function() {}, 'proofsHKP'); $router->map('GET', '/verify/wkd/[**:uid]', function() {}, 'verifyWKD'); $router->map('GET', '/encrypt/wkd/[**:uid]', function() {}, 'encryptWKD'); $router->map('GET', '/proofs/wkd/[**:uid]', function() {}, 'proofsWKD'); -$router->map('GET', '/verify/[:uid]', function() {}, 'verifyUid'); -$router->map('GET', '/encrypt/[:uid]', function() {}, 'encryptUid'); -$router->map('GET', '/proofs/[:uid]', function() {}, 'proofsUid'); +$router->map('GET', '/verify/[**:uid]', function() {}, 'verifyAUTO'); +$router->map('GET', '/encrypt/[**:uid]', function() {}, 'encryptAUTO'); +$router->map('GET', '/proofs/[**:uid]', function() {}, 'proofsAUTO'); $router->map('GET', '/hkp/[**:uid]', function() {}, 'profileHKP'); $router->map('GET', '/wkd/[**:uid]', function() {}, 'profileWKD'); -$router->map('GET', '/util/[:id]', function() {}, 'util'); $router->map('GET', '/[**:uid]', function() {}, 'profile'); // Router matching @@ -36,129 +39,94 @@ $match = $router->match(); if(is_array($match) && is_callable($match['target'])) { switch ($match['name']) { case 'index': - readfile('pages/index.html'); + echo $templates->render('index'); break; case 'verify': - case 'verifyUid': + echo $templates->render('verify', ['title' => 'Verify — ', 'mode' => 'auto']); + break; + + case 'verifyAUTO': + echo $templates->render('verify', ['title' => 'Verify — ', 'mode' => 'auto', 'auto_input' => $match['params']['uid']]); + break; + case 'verifyHKP': - $content = file_get_contents('pages/verify.html'); - $content = str_replace('%HKP_UID%', (array_key_exists('uid', $match['params']) ? htmlspecialchars($match['params']['uid']) : ''), $content); - $content = str_replace('%WKD_UID%', '', $content); - header('Content-Type: text/html; charset=utf-8'); - echo($content); + echo $templates->render('verify', ['title' => 'Verify — ', 'mode' => 'hkp', 'hkp_input' => $match['params']['uid']]); break; case 'verifyWKD': - $content = file_get_contents('pages/verify.html'); - $content = str_replace('%HKP_UID%', '', $content); - $content = str_replace('%WKD_UID%', (array_key_exists('uid', $match['params']) ? htmlspecialchars($match['params']['uid']) : ''), $content); - header('Content-Type: text/html; charset=utf-8'); - echo($content); + echo $templates->render('verify', ['title' => 'Verify — ', 'mode' => 'wkd', 'wkd_input' => $match['params']['uid']]); break; case 'encrypt': - case 'encryptUid': + echo $templates->render('encrypt', ['title' => 'Encrypt — ', 'mode' => 'auto']); + break; + + case 'encryptAUTO': + echo $templates->render('encrypt', ['title' => 'Encrypt — ', 'mode' => 'auto', 'auto_input' => $match['params']['uid']]); + break; + case 'encryptHKP': - $content = file_get_contents('pages/encrypt.html'); - $content = str_replace('%HKP_UID%', (array_key_exists('uid', $match['params']) ? htmlspecialchars($match['params']['uid']) : ''), $content); - $content = str_replace('%WKD_UID%', '', $content); - header('Content-Type: text/html; charset=utf-8'); - echo($content); + echo $templates->render('encrypt', ['title' => 'Encrypt — ', 'mode' => 'hkp', 'hkp_input' => $match['params']['uid']]); break; case 'encryptWKD': - $content = file_get_contents('pages/encrypt.html'); - $content = str_replace('%HKP_UID%', '', $content); - $content = str_replace('%WKD_UID%', (array_key_exists('uid', $match['params']) ? htmlspecialchars($match['params']['uid']) : ''), $content); - header('Content-Type: text/html; charset=utf-8'); - echo($content); + echo $templates->render('encrypt', ['title' => 'Encrypt — ', 'mode' => 'wkd', 'wkd_input' => $match['params']['uid']]); break; case 'proofs': - case 'proofsUid': + echo $templates->render('proofs', ['title' => 'Proofs — ', 'mode' => 'auto']); + break; + + case 'proofsAUTO': + echo $templates->render('proofs', ['title' => 'Proofs — ', 'mode' => 'auto', 'auto_input' => $match['params']['uid']]); + break; + case 'proofsHKP': - $content = file_get_contents('pages/proofs.html'); - $content = str_replace('%HKP_UID%', (array_key_exists('uid', $match['params']) ? htmlspecialchars($match['params']['uid']) : ''), $content); - $content = str_replace('%WKD_UID%', '', $content); - header('Content-Type: text/html; charset=utf-8'); - echo($content); + echo $templates->render('proofs', ['title' => 'Proofs — ', 'mode' => 'hkp', 'hkp_input' => $match['params']['uid']]); break; case 'proofsWKD': - $content = file_get_contents('pages/proofs.html'); - $content = str_replace('%HKP_UID%', '', $content); - $content = str_replace('%WKD_UID%', (array_key_exists('uid', $match['params']) ? htmlspecialchars($match['params']['uid']) : ''), $content); - header('Content-Type: text/html; charset=utf-8'); - echo($content); + echo $templates->render('proofs', ['title' => 'Proofs — ', 'mode' => 'wkd', 'wkd_input' => $match['params']['uid']]); break; case 'profile': - $content = file_get_contents('pages/profile.html'); - $content = str_replace('%UID%', htmlspecialchars($match['params']['uid']), $content); - $content = str_replace('%MODE%', "auto", $content); - header('Content-Type: text/html; charset=utf-8'); - echo($content); + echo $templates->render('profile', ['mode' => 'auto', 'uid' => htmlspecialchars($match['params']['uid'])]); break; case 'profileHKP': - $content = file_get_contents('pages/profile.html'); - $content = str_replace('%UID%', htmlspecialchars($match['params']['uid']), $content); - $content = str_replace('%MODE%', "hkp", $content); - header('Content-Type: text/html; charset=utf-8'); - echo($content); + echo $templates->render('profile', ['mode' => 'hkp', 'uid' => htmlspecialchars($match['params']['uid'])]); break; case 'profileWKD': - $content = file_get_contents('pages/profile.html'); - $content = str_replace('%UID%', htmlspecialchars($match['params']['uid']), $content); - $content = str_replace('%MODE%', "wkd", $content); - header('Content-Type: text/html; charset=utf-8'); - echo($content); + echo $templates->render('profile', ['mode' => 'wkd', 'uid' => htmlspecialchars($match['params']['uid'])]); break; case 'guides': - readfile('pages/guides.html'); + echo $templates->render('guides'); break; case 'guideId': $id = htmlspecialchars($match['params']['id']); - if (file_exists("pages/guides/$id.title.html")) { - $content = file_get_contents("pages/template.html"); - $guideTitle = file_get_contents("pages/guides/$id.title.html"); - $guideContent = file_get_contents("pages/guides/$id.content.html"); - $guideContent = "
".$guideContent; - $content = str_replace('%TITLE%', $guideTitle, $content); - $content = str_replace('%CONTENT%', $guideContent, $content); - header('Content-Type: text/html; charset=utf-8'); - echo($content); + if (file_exists("views/guides/$id.title.php")) { + $guideTitle = file_get_contents("views/guides/$id.title.php"); + $guideContent = file_get_contents("views/guides/$id.content.php"); + echo $templates->render('guide', ['guide_title' => $guideTitle, 'guide_content' => $guideContent]); } else { - $content = file_get_contents("pages/template.html"); - $pageTitle = "Guide not found"; - $pageContent = "404 - This guide could not be found :(
"; - $content = str_replace('%TITLE%', $pageTitle, $content); - $content = str_replace('%CONTENT%', $pageContent, $content); - header('Content-Type: text/html; charset=utf-8'); - echo($content); + echo $templates->render("404"); } break; case 'util': $id = htmlspecialchars($match['params']['id']); - readfile("pages/util/$id.html"); + echo $templates->render("util/$id"); break; case 'faq': - readfile("pages/faq.html"); + echo $templates->render("faq"); break; } } else { // No route was matched - $content = file_get_contents("pages/template.html"); - $pageTitle = "404"; - $pageContent = "404 - This page could not be found :(
"; - $content = str_replace('%TITLE%', $pageTitle, $content); - $content = str_replace('%CONTENT%', $pageContent, $content); - header('Content-Type: text/html; charset=utf-8'); - echo($content); + echo $templates->render("404"); } diff --git a/views/404.php b/views/404.php index 89df2a5..d3d6b65 100644 --- a/views/404.php +++ b/views/404.php @@ -1,43 +1,6 @@ - - - - - - -The requested page could not be found :(
+Keyoxide is a lightweight and FOSS solution to make basic cryptography operations accessible to regular humans. It is built to be privacy friendly and secure, it can even be selfhosted.
+Keyoxide is a lightweight and FOSS solution to make basic cryptography operations accessible to regular humans. It is built to be privacy friendly and secure, it can even be selfhosted.
-Keyoxide provides a solution to a modern problem: we humans have developed advanced methods of encrypting data and signing it. Unfortunately, it requires complicated tools that demand a minimal level of understanding cryptography and how keypairs work to leverage these technologies.
-Sadly, this means that true privacy and secrecy in this modern age of surveillance capitalism is reserved to a subset of the world population.
-Luckily, there is one thing we can do. Some cryptographic operations are more accessible than others and less prone to leaking private data. By building a service around only those operations, we hope a wider general audience can benefit from modern cryptography.
+Keyoxide provides a solution to a modern problem: we humans have developed advanced methods of encrypting data and signing it. Unfortunately, it requires complicated tools that demand a minimal level of understanding cryptography and how keypairs work to leverage these technologies.
+Sadly, this means that true privacy and secrecy in this modern age of surveillance capitalism is reserved to a subset of the world population.
+Luckily, there is one thing we can do. Some cryptographic operations are more accessible than others and less prone to leaking private data. By building a service around only those operations, we hope a wider general audience can benefit from modern cryptography.
-Keyoxide can: verify signatures and encrypt messages.
Keyoxide can't: sign messages or decrypt messages.
Keyoxide can: verify signatures and encrypt messages.
Keyoxide can't: sign messages or decrypt messages.
Good question. First, what cryptographic operations are generally available? There's encryption and its counterpart, decryption, but also signing and its counterpart, signature verification.
-Decryption and signing require private keys. Encryption and signature verification only require public keys.
-If you happen to be in possession of a private key, there is one thing you should know: that key is private! It shouldn't leave your computer and most certainly should never be uploaded to any website!
-So yes, alternative services may offer more cryptographic operations but at the highest cost of surrendering your private keys to servers you generally shouldn't trust and companies that may be under geopolitical influence.
-Keyoxide offers a simple solution to the trust issue: we don't want your keys, therefore you don't even need to trust us. Everything that this service offers is possible thanks to publicly available keys.
+Good question. First, what cryptographic operations are generally available? There's encryption and its counterpart, decryption, but also signing and its counterpart, signature verification.
+Decryption and signing require private keys. Encryption and signature verification only require public keys.
+If you happen to be in possession of a private key, there is one thing you should know: that key is private! It shouldn't leave your computer and most certainly should never be uploaded to any website!
+So yes, alternative services may offer more cryptographic operations but at the highest cost of surrendering your private keys to servers you generally shouldn't trust and companies that may be under geopolitical influence.
+Keyoxide offers a simple solution to the trust issue: we don't want your keys, therefore you don't even need to trust us. Everything that this service offers is possible thanks to publicly available keys.
-We still need keys, of course, but only the harmless public keys. And yes, we could have built a website where one can make an account and upload public keys, in a similar fashion as alternative services.
-But why would we? There's already an entire infrastructure out there in the form of websites that host their own keys (plaintext or web key directory) or dedicated "HTTP Key Protocol" or HKP servers, designed specifically for public key hosting. Why reinvent the wheel?
+We still need keys, of course, but only the harmless public keys. And yes, we could have built a website where one can make an account and upload public keys, in a similar fashion as alternative services.
+But why would we? There's already an entire infrastructure out there in the form of websites that host their own keys (plaintext or web key directory) or dedicated "HTTP Key Protocol" or HKP servers, designed specifically for public key hosting. Why reinvent the wheel?
-You can't make an account on Keyoxide because for basic cryptographic operations, we don't need your data or your keys. By not knowing anything about you or using any trackers, this is as privacy-friendly as it gets.
-As for secure, Keyoxide does all the cryptographic processing on your device and never sends data to the server. Besides, it never uses private keys and should you ever enter those.
+You can't make an account on Keyoxide because for basic cryptographic operations, we don't need your data or your keys. By not knowing anything about you or using any trackers, this is as privacy-friendly as it gets.
+As for secure, Keyoxide does all the cryptographic processing on your device and never sends data to the server. Besides, it never uses private keys and should you ever enter those.
-Well, you can't and that is the whole point of Keyoxide. We don't wan't your data or your keys. Uploading your keys and/or data to our servers is required for any of the operations provided by Keyoxide.
+Well, you can't and that is the whole point of Keyoxide. We don't wan't your data or your keys. Uploading your keys and/or data to our servers is required for any of the operations provided by Keyoxide.
-That, we can help you with! Just append your fingerprint to the domain (like so: https://keyoxide.org/9F0048AC0B23301E1F77E994909F6BD6F80F485D) to generate a profile page.
+That, we can help you with! Just append your fingerprint to the domain (like so: https://keyoxide.org/9F0048AC0B23301E1F77E994909F6BD6F80F485D) to generate a profile page.
-There's no app. Why would you want yet another app for what is essentially just a form with a big blue button?
+There's no app. Why would you want yet another app for what is essentially just a form with a big blue button?
-DON'T! We don't want it!
-Alternative services may ask you for your private keys so that they can offer additional functionality. Please understand that your private key is yours and ONLY yours. You should never upload it to any online service, in fact it should never leave your computer.
+DON'T! We don't want it!
+Alternative services may ask you for your private keys so that they can offer additional functionality. Please understand that your private key is yours and ONLY yours. You should never upload it to any online service, in fact it should never leave your computer.
-If you want to be on the receiving end of securely encrypted messages, you should either learn the basics of modern cryptography and know your way around your computer's command line or switch to end-to-end encrypted instant messaging providers.
-Simply put, if you have private keys, you probably won't be using Keyoxide. You will benefit from using command line tools or GUIs like Kleopatra.
-Keyoxide is designed for those without extensive knowledge about cryptography and who wish to encrypt messages to, or verify the authenticity of messages coming from the people with that extensive knowledge.
+If you want to be on the receiving end of securely encrypted messages, you should either learn the basics of modern cryptography and know your way around your computer's command line or switch to end-to-end encrypted instant messaging providers.
+Simply put, if you have private keys, you probably won't be using Keyoxide. You will benefit from using command line tools or GUIs like Kleopatra.
+Keyoxide is designed for those without extensive knowledge about cryptography and who wish to encrypt messages to, or verify the authenticity of messages coming from the people with that extensive knowledge.
-It doesn't need to be centralized to have a "social network" function. Keyoxide simply uses the already existing "social network" of websites hosting their own keys and servers dedicated to hosting large amounts of keys.
+It doesn't need to be centralized to have a "social network" function. Keyoxide simply uses the already existing "social network" of websites hosting their own keys and servers dedicated to hosting large amounts of keys.
-Not a question but we get your point. While there are legitimate reasons PGP should cease to exist, it is still widely used and without any clear sign of imminent extinction, it needs proper tooling.
-It should be noted that while PGP can indeed be harmful when applied to email encryption, there are other legitimate ways of leveraging PGP to encrypt and/or sign messages.
-That being said, Keyoxide aims to integrate different cryptographic technologies and therefore ease the transition away from PGP.
+Not a question but we get your point. While there are legitimate reasons PGP should cease to exist, it is still widely used and without any clear sign of imminent extinction, it needs proper tooling.
+It should be noted that while PGP can indeed be harmful when applied to email encryption, there are other legitimate ways of leveraging PGP to encrypt and/or sign messages.
+That being said, Keyoxide aims to integrate different cryptographic technologies and therefore ease the transition away from PGP.
-- verify signature - encrypt message - verify proofs -
-- wkd -
-Keyoxide is a lightweight and FOSS solution to make basic cryptography operations accessible to regular humans.
-
- Made by Yarmo Mackenbach.
-
- Code hosted on Codeberg (drone CI/CD).
-
- Uses openpgp.js (version 4.10.4).
-
+ verify signature + encrypt message + verify proofs +
++ wkd +
+Keyoxide is a lightweight and FOSS solution to make basic cryptography operations accessible to regular humans.
+
+ Made by Yarmo Mackenbach.
+
+ Code hosted on Codeberg (drone CI/CD).
+
+ Uses openpgp.js (version 4.10.4).
+