November 27th, 2006 at 1:58 pm

Encrypted contact forms for WordPress

We are happy to announce the release of our next great WordPress plugin. It is called Subrosa, and it is a snap-in for various WordPress contact forms that allows public-key encryption of confidential messages. What this is and what its benefits are is explained very well in a Wikipedia article.

The plugin has been tested with the legacy WP Contact Form by Ryan Duff and with Contact Form ][ by Chip Cuccio, but others should work, too.

You can read more about the plugin on its description page, where you will also find the download.

To see a demonstration of the plugin, visit our contact form.

This plugin is based on the work of a couple of other authors. I especially want to thank Herbert Hanewinkel, who not only wrote most of the JavaScript implementations of the cryptographic algorithms, but also helped me with the development of this plugin. Much of the frontend code is also derived from his insightful online demo.

10 Comments

  1. Michael Moore · November 28th, 2006 at 9:15 am #

    You can’t use JavaScript for protection

    http://neosmart.net/blog/archives/193

    I found this link in less than 2 seconds, it was on a ha.ckers.org post. It explains fully why these methods will never work.

  2. Alex Günsche · November 28th, 2006 at 11:05 am #

    Hello “Michael Moore”,

    I’m afraid you didn’t understand what this is about. The article you mention is about protecting e-mail addresses from being harvested by spammers. This has nothing to do with real encryption. We’re talking about protecting a message with special methods, so that even the CIA won’t read your message within the next 100 years.

  3. Alan J Castonguay · November 29th, 2006 at 2:13 am #

    I never would have expected that Javascript was fast enough to do the math required for PKI in a reasonable amount of time. Apparently that assumption was incorrect, and thus, this is really cool.

  4. Alex Günsche · November 29th, 2006 at 11:50 am #

    I never would have expected that Javascript was fast enough to do the math required for PKI in a reasonable amount of time.

    Me neither. ;-) I had been searching for something like this for quite a time on the web, and I was very impressed when I first saw Mr. Hanewinkel’s implementation.

  5. Romerican · November 29th, 2006 at 1:25 pm #

    The CIA might not read it in 100 years, but you can bet that perpetual cat-and-mouse will allow the NSA to read it within 10 years (and that’s assuming they don’t actually target you actively). Even though encryption merely buys you a little time, I’m very glad you’ve shared this plugin. I’ll try it out.

  6. Cregy · December 1st, 2006 at 9:12 am #

    Encrypted Contact Form…

    From the website:
    We are happy to announce the release of our next great WordPress plugin. It is called Subrosa and it is a snap-in for various WordPress contact forms to allow Public Key encryption of confidential messages. What this is and what the b…

  7. dude · December 2nd, 2006 at 9:52 pm #

    So what’s the real benefit?
    I thought this might protect any contact forms, but it doesn’t, does it?

  8. Alex Günsche · December 3rd, 2006 at 11:38 am #

    Hey dude, how about putting that fancy cigarette aside and asking your question once again? ;-)

  9. matt · June 26th, 2007 at 6:10 pm #

    Thanks for this. If you combine this with a free email cert from Thawte or enigmail, then you have user-agent to server to webmaster encryption without the need for SSL.
    This can also be adapted to protect your session variables and sensitive cookie data from being replayed, with a few tweaks.
    Very useful

  10. Alex Günsche · June 27th, 2007 at 11:49 am #

    Cool, Thawte offers free e-mail certificates? How can I get one?
    edit: I found it! I’ll check it out.
