STRLCPY/link-lock

Add decryption without redirect interface
Jacob Strieb committed 4 years ago

93fa93d5

1 parent 650bb1e0

■ ■ ■ ■ ■ ■

README.md

		skipped 97 lines
98	98		options (very slowly) by brute force. An example application to brute force
99	99		Link Lock URLs can be found here:
100	100		[https://jstrieb.github.com/link-lock/bruteforce](https://jstrieb.github.com/link-lock/bruteforce/).
	101	+	- If you receive a Link Lock URL that you do not trust, decrypt it using this
	102	+	interface that does not automatically redirect:
	103	+	[https://jstrieb.github.com/link-lock/decrypt](https://jstrieb.github.com/link-lock/decrypt/).
	104	+
101	105
102	106
103	107
		skipped 8 lines

■ ■ ■ ■ ■ ■

decrypt/decrypt.js

1	+	/**
2	+	* Created by Jacob Strieb
3	+	* May 2020
4	+	*/
5	+
6	+
7	+
8	+	/*******************************************************************************
9	+	* Helper Functions
10	+	******************************************************************************/
11	+
12	+	// Highlight the text in an input with a given id
13	+	function highlight(id) {
14	+	let output = document.querySelector("#" + id);
15	+	output.focus();
16	+	output.select()
17	+	output.setSelectionRange(0, output.value.length + 1);
18	+	return output;
19	+	}
20	+
21	+
22	+	// Display a message in the "alert" area
23	+	function error(text) {
24	+	const alertText = document.querySelector(".alert");
25	+	alertText.innerText = text;
26	+	alertText.style.opacity = 1;
27	+	}
28	+
29	+
30	+
31	+	/*******************************************************************************
32	+	* Main UI Functions
33	+	******************************************************************************/
34	+
35	+	async function onDecrypt() {
36	+	// Fail if the b64 library or API was not loaded
37	+	if (!("b64" in window && "apiVersions" in window)) {
38	+	error("Important libraries not loaded!");
39	+	return;
40	+	}
41	+
42	+	// Try to get page data from the URL if possible
43	+	const urlText = document.querySelector("#encrypted-url").value;
44	+	let url;
45	+	try {
46	+	url = new URL(urlText);
47	+	} catch {
48	+	error("Entered text is not a valid URL. Make sure it includes \"https://\" too!");
49	+	return;
50	+	}
51	+
52	+	let params;
53	+	try {
54	+	params = JSON.parse(b64.decode(url.hash.slice(1)));
55	+	} catch {
56	+	error("The link appears corrupted.");
57	+	return;
58	+	}
59	+
60	+	// Check that all required parameters encoded in the URL are present
61	+	if (!("v" in params && "e" in params)) {
62	+	error("The link appears corrupted. The encoded URL is missing necessary parameters.");
63	+	return;
64	+	}
65	+
66	+	// Check that the version in the parameters is valid
67	+	if (!(params["v"] in apiVersions)) {
68	+	error("Unsupported API version. The link may be corrupted.");
69	+	return;
70	+	}
71	+
72	+	const api = apiVersions[params["v"]];
73	+
74	+	// Get values for decryption
75	+	const encrypted = b64.base64ToBinary(params["e"]);
76	+	const salt = "s" in params ? b64.base64ToBinary(params["s"]) : null;
77	+	const iv = "i" in params ? b64.base64ToBinary(params["i"]) : null;
78	+
79	+	const password = document.querySelector("#password").value;
80	+
81	+	// Decrypt if possible
82	+	let decrypted;
83	+	try {
84	+	decrypted = await api.decrypt(encrypted, password, salt, iv);
85	+	} catch {
86	+	error("Incorrect password!");
87	+	return;
88	+	}
89	+
90	+	// Print the decrypted link to the output area
91	+	document.querySelector("#output").value = decrypted;
92	+	error("Decrypted!");
93	+
94	+	// Update the "Open in New Tab" button to link to the correct place
95	+	document.querySelector("#open").href = decrypted;
96	+	}
97	+
98	+
99	+	// Activated when the "Copy" button is pressed
100	+	function onCopy(id) {
101	+	// Select and copy
102	+	const output = highlight(id);
103	+	document.execCommand("copy");
104	+
105	+	// Alert the user that the text was successfully copied
106	+	const alertArea = document.querySelector("#copy-alert");
107	+	alertArea.innerText = `Copied ${output.value.length} characters`;
108	+	alertArea.style.opacity = "1";
109	+	setTimeout(() => { alertArea.style.opacity = 0; }, 3000);
110	+
111	+	// Deselect
112	+	output.selectionEnd = output.selectionStart;
113	+	output.blur();
114	+	}
115	+

■ ■ ■ ■ ■ ■

decrypt/index.html

1	+	<!DOCTYPE html>
2	+	<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
3	+
4	+	<head>
5	+	<!-- Metadata -->
6	+	<meta charset="utf-8" />
7	+	<meta name="author" content="Jacob Strieb" />
8	+	<meta name="description" content="Password protect links using AES in the browser." />
9	+	<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
10	+
11	+	<link rel="shortcut icon" type="image/x-icon" href="favicon.ico">
12	+
13	+	<title>Decrypt Link Lock URLs</title>
14	+
15	+	<!-- Styles -->
16	+	<link rel="stylesheet" href="../style.css" type="text/css" />
17	+
18	+	<!-- Scripts -->
19	+	<script type="text/javascript" src="../b64.js"></script>
20	+	<script type="text/javascript" src="../api.js"></script>
21	+	<script type="text/javascript" src="decrypt.js"> </script>
22	+	</head>
23	+
24	+	<body onload="main()">
25	+	<!-- View on GitHub ribbon -->
26	+	<a href="https://github.com/jstrieb/link-lock" target="_blank">
27	+	<img class="ribbon" src="../corner-ribbon-minified.svg" alt="View on GitHub" />
28	+	</a>
29	+
30	+	<!-- Explanation for those who do not have JavaScript enabled -->
31	+	<noscript>
32	+	<div class="red-border">
33	+	<p>If you are seeing this, it means that you have JavaScript disabled. Please enable JavaScript to access the locked link.</p>
34	+
35	+	<p>This application is entirely programmed in JavaScript. This was done intentionally, so that all encryption and decryption happens client-side. This means the code runs as a distributed application, relying only on GitHub Pages for infrastructure. It also means that no data about locked links is ever stored on a server. The code is designed to be auditable so users can investigate what is happening behind the scenes.</p>
36	+
37	+	<p>If you still want to run the application, I encourage you to clone the <a href="https://github.com/jstrieb/link-lock">source code on GitHub</a>. That way you can disable JavaScript only for trusted files on your local machine.</p>
38	+	</div>
39	+	</noscript>
40	+
41	+	<!-- Display errors in a big red box -->
42	+	<div class="error red-border" style="display: none">
43	+	<p id="errortext">Error</p>
44	+	<button onclick="main()">Try again</button>
45	+	<a href="https://jstrieb.github.io/link-lock"><button>Lock a link</button></a>
46	+	</div>
47	+
48	+	<h1>Decrypt Link Lock URLs</h1>
49	+	<p>This application is for decrypting <a href="https://github.com/jstrieb/link-lock" target="_blank">Link Lock</a> URLs without automatically redirecting. This is useful if you do not trust the source of an encrypted URL.</p>
50	+
51	+	<hr />
52	+
53	+	<div class="form">
54	+	<label for="encrypted-url">encrypted url</label>
55	+	<input type="url" id="encrypted-url" oninput="document.querySelector('.alert').style.opacity = 0" />
56	+	<label for="password">password</label>
57	+	<input type="password" id="password" />
58	+	<button onclick="onDecrypt()">Decrypt</button>
59	+	<p class="alert">INVISIBLE</p>
60	+	</div>
61	+
62	+	<hr />
63	+
64	+	<!-- Output area -->
65	+	<div class="output">
66	+	<label for="output">output</label>
67	+	<input type="text" id="output" readonly/>
68	+	<button id="copy" onclick="onCopy('output')">Copy</button>
69	+	<a href="" id="open" target="_blank"><button>Open in New Tab</button></a>
70	+	<p class="alert" id="copy-alert">Copied</p>
71	+	</div>
72	+
73	+	<!-- Page footer -->
74	+	<footer>
75	+	<hr />
76	+	<p class="copyright">Created by <a href="https://jstrieb.github.io">Jacob Strieb</a>.</p>
77	+	</footer>
78	+	</body>
79	+	</body>
80	+
81	+	</html>
82	+

Add decryption without redirect interface