forro

End-to-end encrypted contract form based on PGP.
git clone git://git.defalsify.org/forro.git
Info | Log | Files | Refs | README | LICENSE

README.md (2921B)

      1 # Forro
      2 
      3 Forro is an end-to-end encrypted contact form application for web browsers.
      4 
      5 It is written in pure javascript using the [alpinejs](https://alpinejs.dev/) framework.
      6 
      7 It uses [PGP (openpgpjs)](https://openpgpjs.org/) for signatures and encryption.
      8 
      9 
     10 ## Dependencies
     11 
     12 * [wala-rust](https://defalsify.org/git/wala-rust/) `v0.1.7` (see `Backend` below)
     13 
     14 
     15 ## Install
     16 
     17 * `nvm install 18.8`
     18 * `nvm use 18.8`
     19 * `npm install`
     20 
     21 
     22 ## Run
     23 
     24 Simple serve the repository root directory with a web server, e.g. [webfsd](https://github.com/ourway/webfsd)
     25 
     26 
     27 ## User interface
     28 
     29 The application consists of only two pages.
     30 
     31 ### Key unlock screen
     32 
     33 Session storage is checked for an existing key from a previous visit. If none is found, a new PGP key is created. Upon key creation, the user chooses whether or not to provide a passphrase to encrypt the key in storage. 
     34 
     35 ### Main screen
     36 
     37 All functionality is contained within a single page.
     38 
     39 It contains:
     40 
     41 * Application state description
     42 * Descriptions and download links for the client's private key, aswell as the receiver's public key.
     43 * A form with:
     44 	- text area for message content.
     45 	- file attachment button to attach files.
     46 	- option to manually supply name and email to use as identity for the key
     47 * Download link for successfully submitted content.
     48 * Button to delete private key from storage
     49 
     50 
     51 ## Data format
     52 
     53 The data is submitted in MIME Multipart format.
     54 
     55 The `sha256` of the MIME Multipart part that contains the submitted data is signed by the PGP key, and a MIME signature part is added to the message.
     56 
     57 The submitted content can be viewed by any email client application.
     58 
     59 The signature can also be verified by any email application that provides this feature, or can of course be separately verified using gnupg tools.
     60 
     61 
     62 ## Backend
     63 
     64 ### Configuration.
     65 
     66 Forro will load settings from `settings.json` in the same HTTP path as the application files are hosted.
     67 
     68 The available settings are:
     69 
     70 * `remote_pubkey_url`: Relative path to recipient public key
     71 * `data_endpoint`: HTTP address to host that will accept submitted data.
     72 * `help`: `true` to show interactive help
     73 * `dev`: `true` to display debugging information for development
     74 * `email_sender`: `From:` sender address to use on the MIME Multipart message
     75 * `email_sender_name`: `From:` sender name to use on the MIME Multipart message
     76 
     77 
     78 ### Data endpoint
     79 
     80 This prototype makes use of the [wala](https://defalsify.org/git/wala-rust/) service, which returns a reference to the content submitted.
     81 
     82 The host is defined by the `data_endpoint` settings in the configuration.
     83 
     84 The submitted content is signed with the client's PGP key. The reference to the content is a sum of the digest of the content aswell as the key used to sign the content.
     85 
     86 See [the wala code](https://defalsify.org/git/wala-rust/file/README.html) for a description on how to submit content in a similar manner using the CLI.
     87 
     88 
     89 ## License
     90 
     91 AGPLv3+