AES Vkontakte message encryption for Chrome and Firefox


After the PRISM scandal, data security became even more pressing than before. Even if you are not a secret agent, your private correspondence should live up to its name and be closed to third parties by default. Taking this principle as an axiom, I started developing browser add-ons that use AES to encrypt messages on VKontakte, the social network popular in the CIS countries.

A little background: AES (Advanced Encryption Standard) is a symmetric encryption algorithm that the US government adopted as its encryption standard following the competition of the same name.

The algorithm is documented in detail, and implementations exist for many platforms, including web interfaces (for example, here). To encrypt or decrypt text you need the message and a key (and the block size, 256 by default, though 128 and 196 also occur). An encrypted message can be sent over any communication channel, for example SMS, IM, mail, or social networks.

So for some time I lived with a recurring thought: why not automate the encryption and decryption of messages on vk.com?

I saw the architecture of the process as follows:
1) A secret key input form appears somewhere next to the sending form.
2) An alternative text form is drawn in place of the original VKontakte form (whose data, by the way, is saved without being sent). After the submit button is clicked, the data from this form is encrypted with the key and inserted into the usual VKontakte form in encrypted form, with the AESSTART marker set at the beginning of the message.
3) The encrypted message is sent as usual.
4) The extension monitors the open dialog box and scans messages for the AESSTART marker. If the marker is present, it decrypts the message with the entered key, displays a key icon to the right of the message, and changes the background to green.
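
The four steps above as an added sketch, not the extension's own code: it runs under Node.js and assumes AES-256-GCM, an scrypt-derived key, and a base64 layout of salt, IV, tag and ciphertext after the marker, none of which the article specifies. Authenticated encryption lets step 4 tell a wrong key or altered text apart from a successful decryption, so only verified messages would get the key icon and green background.

```javascript
// Added example, not the extension's code. Assumed: AES-256-GCM, scrypt KDF,
// wire format = MARKER + base64(salt | iv | tag | ciphertext).
const nodeCrypto = require('node:crypto');

const MARKER = 'AESSTART'; // marker named in the article
const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16;

// Derive a 256-bit AES key from the shared passphrase; a fresh salt per message.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// Step 2: encrypt the typed text and prefix the result with the marker.
function encryptMessage(plaintext, passphrase) {
  const salt = nodeCrypto.randomBytes(SALT_LEN);
  const iv = nodeCrypto.randomBytes(IV_LEN); // never reuse an IV under one key
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const packed = Buffer.concat([salt, iv, cipher.getAuthTag(), body]);
  return MARKER + packed.toString('base64');
}

// Step 4: classify one displayed message and decrypt it if it carries the marker.
// Returns { status: 'plain' | 'decrypted' | 'failed', text }.
function processMessage(text, passphrase) {
  if (!text.startsWith(MARKER)) return { status: 'plain', text };
  const raw = Buffer.from(text.slice(MARKER.length), 'base64');
  const headerLen = SALT_LEN + IV_LEN + TAG_LEN;
  if (raw.length < headerLen) return { status: 'failed', text }; // truncated
  const salt = raw.subarray(0, SALT_LEN);
  const iv = raw.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = raw.subarray(SALT_LEN + IV_LEN, headerLen);
  const body = raw.subarray(headerLen);
  try {
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
    d.setAuthTag(tag);
    const plain = Buffer.concat([d.update(body), d.final()]).toString('utf8');
    return { status: 'decrypted', text: plain };
  } catch {
    // Wrong key or modified ciphertext: the GCM tag check fails, so the raw
    // text is returned and must not be rendered as a verified message.
    return { status: 'failed', text };
  }
}
```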

The difficulties in implementing the plugins came from the development specifics of each platform and from studying the documentation.

The result is this:
Chrome: https://chrome.google.com/webstore/detail/vkcrypt/lemdbelcbpfbohjiimbcdhbonmlamdbm/
Mozilla: https://addons.mozilla.org/en-US/firefox/addon/vkcrypt/

As it turned out, the Chrome version is safer, because there extension scripts and site scripts run in isolation from each other, in different environments. In Mozilla Firefox, VKontakte (the site's scripts) can theoretically read the array of keys by accessing window.secureKeys. In Chrome, the entered keys exist only on the user's side; the VKontakte side has no access to them.

Brief Instruction:

For encryption and decryption to work, you must know the secret key (password), and your interlocutor must know it too.

It is best to exchange the key in person. It can be a set of letters and numbers.

Install the plugin and open the dialogue mode with your interlocutor (the plugin does not work in the mini chat or in the message mode). If the plugin is installed, an “ENTER SECRET KEY” link appears to the right of the text form and avatar.

Click this link and enter your secret key in the window that appears. Your interlocutor should do the same.

From now on your messages will be sent encrypted, and your interlocutor's encrypted messages will be displayed decrypted.

project page | source code