Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/eddieoz/openxrypt

OpenXrypt: Secure and Private Direct Messaging for Social Media
https://github.com/eddieoz/openxrypt

automation chrome-extension chrome-extensions extension extension-chrome gpg gpg-encryption messenger privacy privacy-enhancing-technologies privacy-protection privacy-tools security security-tools social-media twitter

Last synced: 5 days ago
JSON representation

OpenXrypt: Secure and Private Direct Messaging for Social Media

Awesome Lists containing this project

README

        

## OpenXrypt: Secure and Private Direct Messaging for Social Media

OpenXrypt is a Chrome extension that provides secure and encrypted communication on social media platforms. It utilizes the OpenPGP encryption standard to help protect the privacy of your communications and ensure the confidentiality of sensitive information.

## Compatible Platforms

- Twitter DMs
- Whatsapp Web

## The Importance of Secure Communication

Social media platforms have become integral parts of our daily lives, facilitating real-time communication, information sharing, and community building. However, the inherent nature of these platforms often raises concerns regarding user privacy and data security. Unencrypted messages and personal information are susceptible to unauthorized ads and access, potential surveillance and/or data breaches, posing significant risks to individuals and organizations.

OpenXrypt recognizes the critical need for secure communication channels, particularly in an era where privacy violations and data mishandling have become increasingly prevalent. By offering robust encryption capabilities, OpenXrypt aims to empower users to engage in secure conversations, share sensitive information, and express themselves freely without the fear of unauthorized monitoring or interception.

## Key Features

- **End-to-End Encryption:** Encrypts messages using OpenPGP to ensure only the sender and recipient can access the content.
- **Automatic Encryption and Decryption:** OpenXrypt seamlessly integrates with the compatible platforms, automatically encrypting and decrypting messages using OpenPGP standards, ensuring that sensitive information remains protected during transmission and storage.
- **Group Messages Encryption** You can encrypt messages on X and Whatsapp groups by just having all participants public keys registered.
- **Passphrase Management:** Users can securely set, reset, and manage their passphrases, enabling them to maintain control over their encryption keys and ensure the confidentiality of their communications.
- **Key Management:** OpenXrypt provides a user-friendly interface for adding, editing, and deleting GPG public and private keys, allowing users to manage their encryption keys and those of their contacts with ease.
- **Timeline Obfuscation**: OpenXrypt enhances your privacy by obfuscating your timeline, making it hard for algorithms to use your content for AI training or targeted advertising. Your posts will be symmetrically encrypted with a SHA-256 hash of your public key's fingerprint, ensuring your content remains public but more secure.
- **Timeline Encryption**: You can use GPG to encrypt messages for your target audience using their public keys and post them on your timeline. This ensures message privacy because no algorithm can identify the recipients who can decrypt and read the messages. By leveraging this method, you can confidently share sensitive information publicly, knowing that only your intended audience can access the message content. Here's how you can do it:

- Encrypt Your Message: Use GPG to encrypt your message with the public keys of your intended recipients. You can use tools like `gpg cli`, `Kleopatra`, `GPGTools`, among others.
- Post the Encrypted Message: Share the encrypted message on your timeline.
- Ensure Privacy: Only the recipients with the corresponding private keys can decrypt and read the message, ensuring that the content remains secure and private.

### Screenshots

![Popup](imgs/opnxrpt-popup.png)
![Manage pubkeys](imgs/opnxrpt-mng-pubkeys.png)
![Manage privkeys](imgs/opnxrpt-mng-privkeys.png)
![Show pubkey](imgs/opnxrpt-show-pubkeys.png)

### How It Works

1. **Install Extension:** Add OpenXrypt to your Chrome browser.
2. **Setup Keys:**
- Add GPG (armored) public keys for your contacts.
- Add GPG (armored) your own private key for decryption ** - recommend ECC-25519 bc size&speed**
- Tip for for beginners: to create your keys, use an app like Kleopatra on Linux & Windows or GPGTools on a Mac
3. **Encrypt & Decrypt:**
- **Encrypt:** Select text in a direct message and click the "Encrypt" button in the popup.
- **Decrypt:** Encrypted messages will be automatically decrypted and replaced with readable text.

### Getting Started

#### Installation

1. Clone the repository or download the ZIP:
```bash
git clone https://github.com/eddieoz/openxrypt.git
```
2. Open the Chrome Extensions page by navigating to `chrome://extensions/`.
3. Enable "Developer mode" using the toggle switch.
4. Click "Load unpacked" and select the cloned/downloaded `openxrypt` folder.
5. Close and reopen the browser to correctly load the extension.

### Key Management

- **Manage Public Keys:** Add and delete public keys for your contacts.
- **Manage Private Keys:** Add, delete, and use your private key to decrypt messages.
- **View Fingerprints:** Easily view the GPG fingerprint for each key.

1. All keys are managed locally.
2. It is recommended to create a new private key for messaging purposes.

#### Public Key Management

1. Open the **Manage Keys** section via the popup.
2. Enter the X handle and paste the contact's public key.
- For Whatsapp Web, enter the mobile number ex. 552134562938 and the contact's public key
3. Click **Add Key**.

#### Private Key Management

1. Enter your X handle and paste your private key.
- For Whatsapp Web, enter your mobile number ex. 552134562938 and paste your private key.
2. Click **Add Private Key**.

### How to Encrypt and Decrypt Messages

#### Encrypt Text

##### DM:
1. Go and DM one of your contacts that you have already added a public key (from Messages left menu)
![](imgs/opnxrpt-send.msg.png)
2. Write a message
3. Click the **Encrypt** button.
- The selected text will be encrypted and replaced.
4. Send the message on X.

##### Timeline
1. Just write your post, click on **Encrypt** button.
2. Send the message on X.

#### Automatic Decryption

Encrypted messages will be automatically decrypted on the X website.

#### My pubkey

If you want to try, drop me a DM on X. Just add `@eddieoz` and the pubkey below.

```
-----BEGIN PGP PUBLIC KEY BLOCK-----

xjMEZj4wahYJKwYBBAHaRw8BAQdAFYhu0HUpfn3Iku+KFGghJdYB1HefU4cB
F5u2rhmI5NfNHEVkZGllT3ogKHVzZWQgZm9yIE9wZW5YcnlwdCnCrQQTFggA
PhYhBBOCHcMytdy4w1uDNtbLM3XlJgVNBQJmPjBqAhsDBQkB4TOABQsJCAcC
BhUKCQgLAgQWAgMBAh4BAheAACEJENbLM3XlJgVNFiEEE4IdwzK13LjDW4M2
1sszdeUmBU0pKwD9EgovnDI7yVZXmSKZlFgl3VZl2tDnw1EgIoEG9Qt+v/QB
AI0dIlX3J7IZrccUWPcRcOU3V9Jb6hMeChkd3tUKlOMPzjgEZj4wahIKKwYB
BAGXVQEFAQEHQKfhytNbWHaSneg613gh/nA/wA+IcuKiuszsPHJ8kSswAwEI
B8KVBBgWCAAmFiEEE4IdwzK13LjDW4M21sszdeUmBU0FAmY+MGoCGwwFCQHh
M4AAIQkQ1sszdeUmBU0WIQQTgh3DMrXcuMNbgzbWyzN15SYFTXQAAP4jOFzK
MjdyS8Sw//1pD1Sle329OCU+bW1gh96m0fErzgEA+GkFAcH5XkELMDy6CUHF
fPpU+z70EKFF+IXjY6nm9QY=
=JhSM
-----END PGP PUBLIC KEY BLOCK-----

```

#### Setup for Development

1. Clone the repository.
2. Install the extension using the steps in the Installation section.
3. Make changes and reload the extension.

### Contribution Guidelines

- Fork the repository and clone to your local environment.
- Create a new feature branch.
- Commit your changes with clear messages.
- Push your feature branch and submit a PR.

#### To-do

- Encrypted public timeline posts ('maybe' use symmetric encryption with X handle, just to keep it fuzzy).
- Extend the extension to cover more web messengers like Telegram web, and others.
- Try newer algorithms like NaCL + Chacha20 to increase performance. Study the trade-offs.

#### Known limitations

- It does not encrypt images and emojis
- Can't encrypt messages for a group yet
- Can't encrypt messages in timeline
- Limited use of cryptography through opengpg yet.

### License

This project is licensed under the MIT License.

---

#### FAQs

1. **How does OpenXrypt handle my passphrase?**

The passphrase is securely stored in session storage and only for the current browser session.

2. **Can I use OpenXrypt with other platforms?**

Currently, OpenXrypt is optimized for X direct messages and Whatsapp Web, but can be extended to other platforms.

3. **Is my data stored online?**

No, OpenXrypt stores encryption keys locally in your browser's storage.

### Contact

For further queries, reach out via [GitHub Issues](https://github.com/eddieoz/openxrypt/issues).

Feel free to ask for more questions or specific edits!

## Buy me a coffee

Did you like it? [Buy me a coffee](https://www.buymeacoffee.com/eddieoz)

[![Buy me a coffee](https://ipfs.io/ipfs/QmR6W4L3XiozMQc3EjfFeqSkcbu3cWnhZBn38z2W2FuTMZ?filename=buymeacoffee.webp)](https://www.buymeacoffee.com/eddieoz)

Or drop me a tip through Lightning Network: ⚡ [zbd.gg/eddieoz](https://zbd.gg/eddieoz)