staticrypt/index.html

302 wiersze
12 KiB
HTML
Czysty Zwykły widok Historia

2017-04-29 13:14:06 +00:00
<!doctype html>
<html>
<head>
<meta charset="utf-8">
2017-06-15 10:32:45 +00:00
<title>StatiCrypt: Password protect static HTML</title>
2017-04-29 13:14:06 +00:00
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
2017-06-17 18:44:00 +00:00
<link rel="stylesheet"
type="text/css"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"
integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u"
crossorigin="anonymous">
2017-06-14 14:19:24 +00:00
<style>
a.no-style {
color: inherit;
text-decoration: inherit;
}
body {
font-size: 16px;
}
label.no-style {
font-weight: normal;
}
2017-06-14 14:19:24 +00:00
</style>
2017-06-14 15:22:24 +00:00
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-73629908-2', 'auto');
ga('send', 'pageview');
</script>
2017-04-29 13:14:06 +00:00
</head>
<body>
<div class="container">
<div class="row">
<div class="col-xs-12">
2017-06-14 14:19:24 +00:00
<h1>
StatiCrypt
<div class="pull-right">
<iframe src="https://ghbtns.com/github-btn.html?user=robinmoisson&repo=staticrypt&type=star&size=large"
frameborder="0" scrolling="0" width="80px" height="30px"></iframe>
<iframe src="https://ghbtns.com/github-btn.html?user=robinmoisson&repo=staticrypt&type=fork&size=large"
frameborder="0" scrolling="0" width="80px" height="30px"></iframe>
</div>
<br>
<small>Password protect a static HTML page</small>
</h1>
<p>
Based on the <a href="https://github.com/brix/crypto-js">crypto-js library</a>, StatiCrypt uses AES-256
to encrypt your string with your passphrase in your browser (client side).
</p>
2017-04-29 13:14:06 +00:00
<p>
2017-06-14 15:22:24 +00:00
Download your encrypted string in a HTML page with a password prompt you can upload anywhere (see <a
target="_blank" href="example.html">example</a>).
2017-04-29 13:14:06 +00:00
</p>
<p>
The tool is also available as <a href="https://npmjs.com/package/staticrypt">a CLI on NPM</a>.
</p>
2017-06-14 14:19:24 +00:00
<br>
2017-06-14 15:22:24 +00:00
<h4><a class="no-style" id="toggle-concept" href="#">HOW IT WORKS ►</a></h4>
2017-06-14 14:19:24 +00:00
<div id="concept" class="hidden">
2018-02-19 18:45:43 +00:00
<p>
<b class="text-danger">Disclaimer</b> if you have extra sensitive banking data, you should probably
use something else!
</p>
2017-06-14 14:19:24 +00:00
<p>
StatiCrypt generates a static, password protected page that can be decrypted in-browser:
2017-06-15 11:21:59 +00:00
just send or upload the generated page to a place serving static content (github pages, for example)
2017-06-14 14:19:24 +00:00
and you're done: the javascript will prompt users for password, decrypt the page and load your HTML.
</p>
<p>
2018-02-19 18:45:43 +00:00
It basically encrypts your page and puts everything with a user-friendly way to use a password
2017-06-14 15:22:24 +00:00
in the new file.
2017-06-15 11:21:59 +00:00
<br>AES-256 is state of the art but <b>brute-force/dictionary attacks would be trivial to
2018-02-19 18:45:43 +00:00
do at a really fast pace: use a long, unusual passphrase!</b>
2017-06-14 14:19:24 +00:00
</p>
<p>
2018-02-19 18:45:43 +00:00
Feel free to contribute or report any thought to the
<a href="https://github.com/robinmoisson/staticrypt">GitHub project</a>!
2017-06-14 14:19:24 +00:00
</p>
</div>
2017-06-14 15:22:24 +00:00
<br>
2017-04-29 13:14:06 +00:00
</div>
</div>
<div class="row">
<div class="col-xs-12">
<form id="encrypt_form">
<div class="form-group">
<label for="passphrase">Passphrase</label>
<input type="password" class="form-control" id="passphrase"
placeholder="Passphrase (choose a long one!)">
</div>
<div class="form-group">
2017-06-14 14:19:24 +00:00
<label for="unencrypted_html">HTML/string to encrypt</label>
2017-06-14 15:22:24 +00:00
<textarea class="form-control" id="unencrypted_html" placeholder="<html><head>..."
rows="5"></textarea>
2017-04-29 13:14:06 +00:00
</div>
2017-06-14 14:19:24 +00:00
<p>
<a href="#" id="toggle-extra-option">+ More options</a>
</p>
<div id="extra-options" class="hidden">
<div class="form-group">
<label for="title">Page title</label>
<input type="text" class="form-control" id="title" placeholder="Default: 'Protected Page'">
</div>
<div class="form-group">
<label for="instructions">Instructions to display the user</label>
<textarea class="form-control" id="instructions" placeholder="Default: nothing."></textarea>
</div>
2017-04-29 13:14:06 +00:00
</div>
<div class="form-group">
<label class="no-style">
<input type="checkbox" id="embed-crypto" checked>
Embed crypto-js into your file
<abbr title="Leave checked to include crypto-js into your file so you can decrypt it offline.
Uncheck to load crypto-js from a CDN (some adblockers might think it's a crypto miner).">?</abbr>
</label>
</div>
2017-06-14 14:19:24 +00:00
<button class="btn btn-primary pull-right" type="submit">Generate passphrase protected HTML</button>
2017-04-29 13:14:06 +00:00
</form>
</div>
</div>
<div class="row">
<div class="col-xs-12">
<h2>Encrypted HTML</h2>
2017-06-15 10:27:47 +00:00
<p><a class="btn btn-success download"
download="encrypted.html"
id="download-link"
2017-06-14 14:19:24 +00:00
disabled="disabled">Download html file with password prompt</a></p>
2017-04-29 13:14:06 +00:00
<pre id="encrypted_html_display">
2017-06-14 14:19:24 +00:00
Your encrypted string</pre>
2017-04-29 13:14:06 +00:00
</div>
</div>
</div>
<!--
Crypto JS 3.1.9-1
Copied as is from https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/crypto-js.js
Filename changed to circumvent adblockers that mistake it for a crypto miner (see https://github.com/robinmoisson/staticrypt/issues/107)
-->
<script src="kryptojs-3.1.9-1-lib.js"></script>
2017-04-29 13:14:06 +00:00
2017-06-19 08:46:47 +00:00
<script src="https://cdn.ckeditor.com/4.7.0/standard/ckeditor.js"></script>
2017-04-29 13:14:06 +00:00
<script>
2017-06-19 08:46:47 +00:00
// enable CKEDIRTOR
CKEDITOR.replace( 'instructions' );
var htmlToDownload;
2017-06-15 05:36:09 +00:00
var renderTemplate = function (tpl, data) {
return tpl.replace(/{(.*?)}/g, function (_, key) {
return data && data[key] || '';
});
};
2017-04-29 13:14:06 +00:00
/**
* Fill the password prompt template with data provided.
* @param data
*/
var setFileToDownload = function (data) {
2017-06-15 05:36:09 +00:00
var request = new XMLHttpRequest();
request.open('GET', 'password_template.html', true);
request.onload = function() {
var renderedTmpl = renderTemplate(request.responseText, data);
2017-04-29 13:14:06 +00:00
2017-06-15 05:36:09 +00:00
var downloadLink = document.querySelector('a.download');
2017-06-15 10:27:47 +00:00
downloadLink.href = 'data:text/html,' + encodeURIComponent(renderedTmpl);
2017-06-15 05:36:09 +00:00
downloadLink.removeAttribute('disabled');
htmlToDownload = renderedTmpl;
2017-04-29 13:14:06 +00:00
};
2017-06-15 05:36:09 +00:00
request.send();
};
2017-04-29 13:14:06 +00:00
/**
* Download crypto-js lib to embed it in the generated file, update the file when done.
* @param data
*/
var setFileToDownloadWithEmbeddedCrypto = function (data) {
var request = new XMLHttpRequest();
request.open('GET', 'kryptojs-3.1.9-1-lib.js', true);
request.onload = function() {
data['crypto_tag'] = '<script>' + request.responseText + '</scr' + 'ipt>';
setFileToDownload(data);
};
request.send();
};
/**
* Salt and encrypt a msg with a password.
* Inspired by https://github.com/adonespitogo
*/
var keySize = 256;
var iterations = 1000;
function encrypt (msg, password) {
var salt = CryptoJS.lib.WordArray.random(128/8);
var key = CryptoJS.PBKDF2(password, salt, {
keySize: keySize/32,
iterations: iterations
});
var iv = CryptoJS.lib.WordArray.random(128/8);
var encrypted = CryptoJS.AES.encrypt(msg, key, {
iv: iv,
padding: CryptoJS.pad.Pkcs7,
mode: CryptoJS.mode.CBC
});
// salt, iv will be hex 32 in length
// append them to the ciphertext for use in decryption
var encryptedMsg = salt.toString()+ iv.toString() + encrypted.toString();
return encryptedMsg;
}
/**
* Handle form submission.
*/
2017-06-15 05:36:09 +00:00
document.getElementById('encrypt_form').addEventListener('submit', function (e) {
e.preventDefault();
2017-04-29 13:14:06 +00:00
2017-06-19 08:46:47 +00:00
// update instruction textarea value with CKEDITOR content
// (see https://stackoverflow.com/questions/3147670/ckeditor-update-textarea)
CKEDITOR.instances['instructions'].updateElement();
2017-06-15 05:36:09 +00:00
var unencrypted = document.getElementById('unencrypted_html').value;
var passphrase = document.getElementById('passphrase').value;
2017-04-29 13:14:06 +00:00
var encrypted = encrypt(unencrypted, passphrase);
var hmac = CryptoJS.HmacSHA256(encrypted, CryptoJS.SHA256(passphrase).toString()).toString();
2017-06-15 05:36:09 +00:00
var encryptedMsg = hmac + encrypted;
2017-04-29 13:14:06 +00:00
2017-06-15 05:36:09 +00:00
var pageTitle = document.getElementById('title').value.trim();
var instructions = document.getElementById('instructions').value;
var data = {
title: pageTitle ? pageTitle : 'Protected Page',
instructions: instructions ? instructions : '',
encrypted: encryptedMsg,
2017-06-15 15:49:45 +00:00
crypto_tag: '<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/crypto-js.min.js" integrity="sha384-lp4k1VRKPU9eBnPePjnJ9M2RF3i7PC30gXs70+elCVfgwLwx1tv5+ctxdtwxqZa7" crossorigin="anonymous"></scr' + 'ipt>'
2017-06-15 05:36:09 +00:00
};
2017-04-29 13:14:06 +00:00
2017-06-15 05:36:09 +00:00
document.getElementById('encrypted_html_display').textContent = encryptedMsg;
2017-06-14 14:19:24 +00:00
if (document.getElementById("embed-crypto").checked) {
setFileToDownloadWithEmbeddedCrypto(data);
}
else {
setFileToDownload(data);
}
2017-06-15 05:36:09 +00:00
});
2017-06-14 14:19:24 +00:00
2017-06-15 05:36:09 +00:00
document.getElementById('toggle-extra-option')
.addEventListener('click', function (e) {
e.preventDefault();
document.getElementById('extra-options').classList.toggle('hidden');
});
2017-06-14 14:19:24 +00:00
2017-06-15 05:36:09 +00:00
document.getElementById('toggle-concept')
.addEventListener('click', function (e) {
e.preventDefault();
document.getElementById('concept').classList.toggle('hidden');
2017-04-29 13:14:06 +00:00
});
/**
* Browser specific download code.
*/
2017-06-15 10:27:47 +00:00
document.getElementById('download-link')
.addEventListener('click', function (e) {
var isIE = (navigator.userAgent.indexOf("MSIE") !== -1 ) || (!!document.documentMode === true ); // >= 10
var isEdge = navigator.userAgent.indexOf("Edge") !== -1;
// download with MS specific feature
if (htmlToDownload && (isIE || isEdge)) {
e.preventDefault();
var blobObject = new Blob([htmlToDownload]);
window.navigator.msSaveOrOpenBlob(blobObject, 'encrypted.html');
}
return true;
})
2017-04-29 13:14:06 +00:00
</script>
</body>
</html>