Wouldn’t it be awesome if we starting seeing websites like this?

I usually hear people say they don’t use PGP because nobody else does. A fair complaint - PGP isn’t exactly easy to set up and without the proper motivation it’s hard to convince the people you communicate with to use it too.

But PGP isn’t so hard to set up that our machines can’t use it to send us messages. If someone wants their email send to them encrypted, it really should be as easy to tell the app in question to use their public key either by providing it or looking it up via PKI.

Shaftoe is a proof of concept of how that can be done. It’s a simple webservice, 2 methods only: one for storing keys, and the other for encrypting text using those keys. The bare minimum needed for encrypting email with PGP. You can find instructions on how to download and run it yourself on Github.

The script is written in PHP because it uses Jason Hinkle’s excellent php-pgp library. This was the only decent and working OpenPGP implementation I could find that doesn’t require a compiled binary and all it does is encrypt. In fact it works very well.

Below is an example using the service. It asks you for an idetifier and your public key in ASCII format, then returns a random encrypted quote.

The service could just as easily be used by an application to encrypt email before sending it.

View outside of Iframe

Details and installation instructions can be found on Github