The integration of NPM into Node.js gives its users a simplified, yet solid avenue for packaging and distributing libraries of code. NPM has become accepted as the community standard when it comes to Node.js packaging, so its addition is one that is welcome with open arms. While the NPM addition is a step in the right direction for Node.js, version 0.6.3 does come with some problems of its own, such as the incorrect installation of man pages. An upcoming 0.6.4 release will supposedly take care of the issue, and it will also include the option to forego installation of NPM to accommodate those using customized versions of the manager. At the time of this writing, no timetable has been issued regarding a 0.6.4 release date.
Beyond the NPM integration, Node.js 0.6.3 includes a fix to offer support in the native Windows version for paths in excess of 260 characters long. Issues with paths relative to drives have been corrected as well. A full list of fixes in version 0.6.3 can be found in the change log.
Node.js is published under a MIT license and can be downloaded from the Node.js website, http://nodejs.org/#download. Node.js 0.6.3 is available as source code, or in a Windows or Mac version.
Although GPG4Browsers is classified as a prototype by its creators, it does support nearly all of the OpenPGP standard’s hash functions and asymmetric/symmetric ciphers. OpenPGP encrypts and digitally signs messages and other data through the use of public key cryptography. It’s primarily used to secure email messages and is based on the program that is commonly referred to as PGP, or Pretty Good Privacy.
GPG4Browsers’ main appeal comes from the fact that it is browser-based. By running inside the browser, it eliminates the need for any installed software or a dedicated email client. Normally, the setup required to get a PGP variant to function with a specific email client in a local computer environment is cumbersome. Not only does it require some technical knowledge, but it involves installing the system on the actual computer, importing private and public keys into the keyring, or local database, as well as configuring the email client. GPG4Browsers simplifies the entire process by handling the technical aspects and making it portable.
While GPG4Browsers does offer several advantages, it is still in its infancy stage, and does come with some limitations. At this time, the release will not generate private keys, but such functionality is expected to be included with future releases, as there is a dedicated menu for the task. Public and private keys can be imported without any trouble, however. When using Gmail, a lock icon that is black in color will appear in the address bar. Clicking on the lock activates a dialog where a user can compose an encrypted or digitally signed message. If an encrypted message arrives in Gmail, a notification is displayed that asks if the user wants to open the message using GPG4Browsers. As long as data compression is not used, GPG4Browsers can decrypt messages singed with GNU Privacy Guard, or GnuPG, which is a highly-used open source PGP implementation.
Keeping that in mind, the use of GPG4Browsers should be avoided on computers that are deemed vulnerable or infected with malware. Users can boot from a live Linux CD or another read-only environment, however, as a workaround.
GPG4Browsers’ functionality is currently limited to Google Chrome. Whether or not it will work with other browsers in the future remains to be seen. Downloading the tool must be done manually via Chrome, and it must be installed as an unpacked extension.
To download the tool, click on the small wrench icon in the top left-hand corner of the Chrome browser. Select Tools followed by Extensions. Check the box next to Developer Mode and click the Load unpacked extension button. Select the source code folder containing the manifest file, and select the Allow in incognito option. Additional details can be found at the official GPG4Browsers page, http://gpg4browsers.recurity.com/.
DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.