OpenPGP.js Browser Example By Patrik Iden

Introduction

My first plan was with this example to fetch the proton public key and then send that public key message to encrypt to the backend where I have node.js. But for safety reasons it is more secure if the message is encrypted directly on the clients' browser, instead of being sent unsecure to the backend first and then get encrypted!

The subject in the email is never encrypted, only the body!

Steps

1. Fetch public key from Proton with valid email address.
2. User type in the plain message in the textarea.
3. With the public key, encrypt plain message to a encrypted message.
4. Then when the message have been encrypted, it is ready to be sent to the backend.
5. Node.js/Express.js will collect environment variables (credentials) for the SMTP server and then send the encrypted email to the Proton email address.

Resources

https://proton.me/support/download-public-private-key
https://openpgpjs.org/
https://github.com/openpgpjs/openpgpjs/blob/main/README.md#getting-started/
https://unpkg.com/browse/openpgp@5.11.0/dist/
https://nodejs.org/en/
https://nodemailer.com/
https://www.npmjs.com/package/dotenv
https://expressjs.com/
https://www.jetbrains.com/webstorm/