Plugin should facilitate encryption in the browser

Developer Nadim Kobeissi will introduce a plugin this month that would greatly simplify file encryption and decryption. The tool, called miniLock, does not store any keys, nor does it require any accounts.

MiniLock uses public key encryption where the user has a private key to encrypt data and make it readable again. Unlike tools like PGP, it is not necessary to store the public keys: thanks to elliptic curve cryptography, miniLock can generate the private key based on the chosen passphrase. As a result, the plug-in must be usable by anyone on any computer and it requires little computer knowledge, the developer told Wired.

The plug-in does impose requirements on the passphrase: a minimum of thirty characters must be used. Numbers and symbols are also required. The derived private key is deleted when the browser is closed. In addition, no account is required and unlike PGP’s long public keys, the length of the public key used by miniLock is only 44 characters.

According to Wired, Kobeissi will release a beta version of the plug-in at a hacker conference this month. The code will be open source and will be available on GitHub. Kobeissi previously made the chat program Cryptocat that also relied on encryption. Initially, it turned out to be the necessary security holes, but in later versions Cryptocat would have become safe.