This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests - Progress Page

Revision as of 14:20, 7 November 2007 by Buanzo (talk | contribs) (Current Status)

Jump to: navigation, search

Current Status

As of 7th November, 2007, mod_openpgp, the Server-side Enigform component for Apache, supports OpenPGP-Encrypted HTTP Request Decryption. This means an HTTP client can send an encrypted HTTP request, using the Server's public key, and it will be decrypted and correctly served by the server.

This is a HUGE feature bump, of roughly 1200 lines of C code.

It's much more of what I expected to implement for the OWASP SPOC duration, so I'll be applying for the 2nd half of my funding now.

Also, I've implemented most of the Secure Session Initiation Protocol, but problems with some Apache DB APIs are slowing this much more than I expected. I hope to work out all the issues, or I'll have to release a simplified version. I just hope the Decryption support is enough to apply for the 2nd half of funding.

Older Status Reports

As of 9th July, 2007, Enigform has been enhanced with remote site OpenPGP discovery, Public Key Import. Kyle Huff has joined the development team, and the Session Protocol has been proposed. Regarding Encryption, mod_openpgp supports encrypted http requests, but Enigform support for this is in research stage.Microsoft support will be last stage, once Enigform 1.0 and mod_openpgp 1.0 are released.

Project Links

Back to Project page