What does HackerNews think of jsencrypt?

A zero-dependency Javascript library to perform OpenSSL RSA Encryption, Decryption, and Key Generation.

Language: JavaScript

Using browser crypto to create a document is the right thing to do, but you might want a JavaScript decryption library to improve portability and lifespan. I would check that it’s capable of decrypting the payload when you’re making a document. (Possibly https://github.com/travist/jsencrypt)

The obvious weakness is your hosted document creator: it’s essentially impossible to defend an HTML document against a malicious domain. We can look at your GitHub repo, but there’s no guarantee that’s the exact code that’s running. If you’re an especially valuable target, you can’t even be sure that the files that you think you’re serving haven’t been tampered with.

I had an extension called Deeper History which I shut down out of security/privacy concerns very similar to yours. The solution I came up with half worked. I used https://github.com/travist/jsencrypt to encrypt the sensitive data before storing it in IndexedDB.

The problem was I couldn't get it to work with public keys I created locally. According to jsencrypt's GitHub it should be possible. If you could get it to work you could give security conscious people a way to safely cache stuff locally.

Anyways if it would help to store user info on the client, I just wanted to say there is a viable way forward on that. I have the code to chunk and encrypt stuff on the client if you're interested.

I've been hacking up a Facebook clone at work. I've discovered that it's easier than ever to have end to end encryption. For example, there are now good working RSA and symmetric JavaScript crypto libraries that work in the browser:

   for RSA: https://github.com/travist/jsencrypt
   for AES: https://code.google.com/p/crypto-js/

This includes generating your own private key for a totally in-browser "sign up" process (browser can save your private key in a file, you then point to it to "log in").

Add to this: a distributed message passing system: something like torrents with channels shared by multiple users so that you can't easily see who is sending to who with enough traffic.

Also for identity verification: use the bitcoin block chain as a CA.

Anyway, think of a single-page web-app, where the page is stored along with your private identity file on a USB-key (this avoids the security hole of having to download it every time).