WebCrypt 2.0 was released back in October and provides easier than ever access to secure OpenPGP messaging and file encryption. For this feature highlight we will show how to set up and use WebCrypt 2.0 with OnlyKey.
Why use OnlyKey WebCrypt?
Very simply, it is one of the easiest and most secure ways to use OpenPGP. WebCrypt is used for sending and receiving encrypted messages and files directly in the browser. Its universally supported in Firefox, Brave, Chrome and essentially all browsers that support FIDO2, with iOS 13.3 its even supported in Safari on iPhone. Its revolutionary approach keeps OpenPGP keys in cold storage, securely stored on OnlyKey, not accessible to apps or to the browser.
This cold key storage provides better protection than PGP/GPG software, webmail (i.e. Protonmail), and smartphone apps. Additionally, physical user presence is required to process secure messages/files. This is in contrast to Smart Cards which often only require a PIN code that can be captured and replayed without physical user presence.
Watch a Quick Demo
How to use OnlyKey WebCrypt?
While anyone can use WebCrypt to send encrypted messages/files, to decrypt messages/files with WebCrypt an OnlyKey is required. Pick up an OnlyKey here – https://onlykey.io/
Step 1 – Generate a private key and load onto OnlyKey
We provide step-by-step directions here for using Keybase.io to create a profile and a private key. Experienced users may also load keys from Protonmail, Mailvelope, or GPG. If you prefer video instructions watch the video below:
Step 2 – Create custom links for others to send you encrypted files/messages.
You can send this custom link directly or put it in your email signature, there is an example:
- Link the text ‘message’ to: https://apps.crp.to/encrypt.html?type=e&recipients=bobsmith2
- Link the text ‘file’ to: https://apps.crp.to/encrypt-file.html?type=e&recipients=bobsmith2
- Change bobsmith2 in the link to your Keybase user name
- Add a ‘More info’ link to: https://onlykey.io/pages/webcrypt
This link provides information to let your sender know what WebCrypt is, why it’s secure, and includes a quick 30 second video that will shows how to use it.
Step 3 – Get ready to decrypt secure files and messages anywhere
With your OnlyKey connected and unlocked browse to the OnlyKey WebCrypt page. Input the sender’s username to decrypt & verify the message or click the “Decrypt Only” radio button if you don’t know the sender’s Keybase username.
- Messages – Paste encrypted OpenPGP messages into https://apps.crp.to/decrypt and click Decrypt.
- Files – Select “Choose File” on https://apps.crp.to/decrypt-file, select the .gpg file to decrypt, and click Decrypt.
That’s it, the decrypted message will be shown and you can copy/paste as needed. A zip file containing your decrypted file will download to your computer.
What’s next for WebCrypt?
CryptoTrust recently won 2nd place in the Virtru Privacy Challenge for it’s revolutionary new hybrid solution that integrates WebCrypt 2.0 with Virtru for expiring/disappearing OpenPGP messages. The issues solved by OnlyKey WebCrypt are issues that affect many at-risk communities such as human rights activists and journalists.
Read the white paper here:
Watch demo here: