
After the PRISM scandal, data security has become an even more pressing issue than before. Even if you are not a secret agent, your personal correspondence should live up to its name and be closed to third parties by default. Taking this principle as an axiom, I started developing browser add-ons for working with VKontakte, the social network popular in the CIS countries, using AES.
A little background: AES (Advanced Encryption Standard) is a symmetric encryption algorithm that the US government adopted as its encryption standard following a competition of the same name.
The algorithm is described in detail, and there are various implementations of it for different platforms, as well as web interfaces (for example, here). To encrypt or decrypt text, you need a message and a key (and the block size, 256 by default, though 128 and 196 also occur). The encrypted message can be transmitted over any communication channel, such as SMS, IM, mail, or social networks.
So for some time I lived with a recurring thought: why not automate the encryption and decryption of messages for vk.com?
I saw the architecture of the process as follows:
1) A form for entering the secret key appears somewhere next to the message form.
2) Instead of VKontakte's original form (whose data, by the way, is saved even without sending), an alternative text form is drawn. After the send button is pressed, the data from this form is encrypted with the key and inserted into VKontakte's usual form in encrypted form, with the marker AESSTART placed at the beginning of the message.
3) The encrypted message is sent as normal.
4) The extension tracks the open dialog window and scans messages for the AESSTART marker. If the marker is present, it decrypts the message with the entered key, displays a key icon to the right of the message, and changes the background to green.
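Steps 2 and 4 above, sketched as an added example (this is not the extension's code, and it runs under Node.js rather than in the browser). The AESSTART marker comes from the post; AES-256-GCM, scrypt key derivation and the salt/IV/tag layout are assumptions, chosen so that a wrong key or an altered message is rejected rather than displayed as garbage.

```javascript
// Added example, not the extension's code. Assumptions: AES-256-GCM, scrypt,
// and a base64 payload laid out as salt(16) | iv(12) | tag(16) | ciphertext.
const nodeCrypto = require("node:crypto");

const MARKER = "AESSTART"; // marker named in the post

// Derive a 256-bit key from the shared passphrase. A fresh salt per message
// means the same passphrase never produces the same key twice.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// Step 2: encrypt the typed text and put the marker at the start.
function encryptMessage(plaintext, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(passphrase, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const packed = Buffer.concat([salt, iv, cipher.getAuthTag(), body]);
  return MARKER + packed.toString("base64");
}

// Step 4: return the plaintext, or null when the message carries no marker,
// is malformed, or fails authentication (wrong key or altered ciphertext).
function decryptMessage(message, passphrase) {
  if (typeof message !== "string" || !message.startsWith(MARKER)) return null;
  const b64 = message.slice(MARKER.length);
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) return null;
  const packed = Buffer.from(b64, "base64");
  if (packed.length < 16 + 12 + 16) return null;
  const salt = packed.subarray(0, 16);
  const iv = packed.subarray(16, 28);
  const tag = packed.subarray(28, 44);
  const body = packed.subarray(44);
  try {
    const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", deriveKey(passphrase, salt), iv);
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(body), decipher.final()]).toString("utf8");
  } catch {
    return null; // GCM tag mismatch: do not render anything as "decrypted"
  }
}
```

Only a non-null result from `decryptMessage` should trigger the key icon and green background described in step 4.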
The difficulties in implementing the plug-ins came from the specifics of developing for each platform and from studying the documentation.
The result is this:
Chrome: https://chrome.google.com/webstore/detail/vkcrypt/lemdbelcbpfbohjiimbcdhbonmlamdbm/
Mozilla: https://addons.mozilla.org/en-US/firefox/addon/vkcrypt/
As it turned out, the Chrome version is safer, since extension scripts and site scripts are executed in isolation from each other, in different environments. In Mozilla Firefox, VKontakte can theoretically read the array of keys by gaining access to window.secureKeys. In Chrome, the entered keys exist only on the user's side; there is no access to them from the VK side.
Short instructions: for encryption and decryption to work, you must know the secret key (password), and your interlocutor must know it too.
It is best to exchange the key in person; it can be a set of letters and numbers.
Install the plugin and enter dialogue mode with your interlocutor (the plugin does not work in the mini chat or in message mode). If the plugin is installed, the link “ENTER SECRET KEY” will be to the right of the text form and avatar.
Click this link and enter your secret key in the window that appears. Your partner should do the same.
Now your messages will be sent encrypted, and your interlocutor's encrypted messages will be displayed in decrypted form.
project page |
source code