Virtual Message: how does it work?



As you may have seen, you have the possibility to send a so-called "virtual message" to the webmaster. You can choose between sending it in plain text (mandatory without javascript), or using encryption. The latter option relies on a public key cryptography infrastructure, and its underlying architecture is summarized here.

[Virtual Message: scheme]
Schematic overview of the "virtual message" protocol

The overall security of the system depends on which kind of access to the channel linking the sublunar circus to you a potential eavesdropper has. Step (8) is actually based on a javascript port of some gpg encryption algorithms, which has been written by Herbert Hanewinkel. Many thanks to him! The source code of the client-side part is available (exercise: find it) if you want to see that more in details.

Of course if you choose not to encrypt your message, or if you can't, the above architecture is irrelevant; data are basically transmitted in plain text, then simply echoed.

Little Neo, 2009

Code

Accueil