KOKOGIAK

GEDANKENGANG

Introducing Message Vault

About a month ago, I was mulling over an issue, and thought I had a fairly decent idea to fix it. I was wondering how to pass on information about my "online life" to my wife, should I be struck by a bus and put into a coma (God forbid). All of the real-world stuff is taken care of, but my online world has some value too, and I'd like to see it cared for.

I could easily type up all my login/password combos with URLs to match and leave that in a text file sitting on our shared PC, but then it's just lying there within easy reach of anyone who might sit down (babysitter, neighbor kid, etc). It struck me that there was a way to use existing encryption algorithms in Javascript - plus the ability of IE and Firefox to read and write local files - to allow a person to create, edit and save encrypted messages using just a browser and Javascript. I set out to build such a tool, and Message Vault is the result.

Message Vault is a "Portable Self-decrypting Archive", written in HTML and Javascript. That means that it's a single file that can be opened in a web browser for reading, editing, encryption and decryption. The one HTML file carries the encrypted message plus the code to encrypt/decrypt/edit it.

It turns out that I did quite a bit of "reinventing the wheel", mostly due to ignorance on my part - but what it led me to was a unique solution. Encrypted messages are nothing new - but usually require specialized software to read/write/encrypt. The concept of a self-decrypting archive (SDA) is also nothing new, but existing SDAs are often platform-dependent (tied to a particular operating system), and are also usually treated as an executable file (less ease of sharing). Sure, you can password-protect a Word document, but if you want to share it, the recipient also needs to have Word installed (possibly even a specific version of Word).

The beauty of creating an SDA in HTML/Javascript is that it's platform-agnostic (works on any PC that can run a modern web browser). Message Vault messages can be read by nearly any modern browser (all of the ones in Yahoo's A-List browser chart). They can be created/edited with either Internet Explorer or Firefox (on Mac, PC, or Linux). They are also very portable, as an HTML file can be shared via email, FTP, website, removable disk, you name it.

So, if there's a message you want to share, but only with a chosen group of people. You can use Message Vault to write it, encrypt it, and then share the HTML file with your friends, sending them the password through a separate channel. Ideas for use off the top of my head include sharing login/passwords (like my original inspiration), or Mom's famous recipe for Chicken Picatta, or maybe sales figures you want to share with a co-worker, or a diary entry meant only for your future self. Whatever you want to use it for (you may want to verify that it's legal to use 128-bit encryption in your country/locale first).

This project would have gone nowhere without the assistance of a number of very helpful contributors. First, Jeremy Ruston and his TiddlyWiki for the inspiration to create a robust tool that relies on the browser to read and write local files. Second, Paul Johnston (Paj), for his great work on Javascript cryptography - thanks so much for the generosity of sharing that code. And (as I discovered halfway through my project), for sharing his work-to-date on an abandoned Javascript SDA project of his own here, and the other contributors listed on that page. And last, but not least, my friend Ben Adida, for patiently guiding me through the somewhat bewildering world of cryptography.

I hope this is a useful tool. Please contact me at kokogiak@gmail.com if you have any questions or issues (or bugs). Also, if this is all rather confusing, there is a short Screeencast demo linked from the main page at messagevault.org.

2 Comments +

This looks very interesting indeed!

I just wish there were some basic formatting options (i.e. headings, bold and italics - like in TiddlyWiki or MediaWiki), and being able to add hyperlinks would be very helpful as well.

Anyways, thanks for the effort you put into this!
by Anonymous Ace_NoOne at 2:33 PM 
I discovered this in such a circuitous way: I was reading through a recent posting on Lifehacker.com about "Show us your Firefox" and one of the images posted noted messagevault.org.

Stumbling over here I was amazed at the elegant simplicity of what you did. (And chuckled at your reason for creating it being to share your digital life with your wife... exactly my goal.)

So far I have been using Keepass, which is excellent but rather complicated. I had wished for a way to easily encrypt a plain TXT file... MessageVault is almost as simple and certainly safer.

Thank you so much for creating it!

athene8 (at) gmail dot com
by Anonymous Anonymous at 3:21 PM 
Archives: