Using client side crypto usually comes with the problem of trusting the server serving the files. Even if a webapp uses OpenPGP.js to encrypt everything client-side, it is insecure in the event where the server is compromised. The attacker can send an altered version of the webapp including malicious code and this will go undetectable by the user.
This is an attempt to partially solve this problem. Partially because when the user first loads the webapp the same problems mentioned above exist. But after the initial load everything has to be signed by a specific GPG key and there is no way for the server to force a change to the client-side code.
more here...........https://github.com/petrosagg/tofu-webapp-openpgp
This is an attempt to partially solve this problem. Partially because when the user first loads the webapp the same problems mentioned above exist. But after the initial load everything has to be signed by a specific GPG key and there is no way for the server to force a change to the client-side code.
more here...........https://github.com/petrosagg/tofu-webapp-openpgp