Skip to content

Instantly share code, notes, and snippets.

@geraintluff
Created December 31, 2014 11:59
Show Gist options
  • Save geraintluff/818eb8501fc95ce57b36 to your computer and use it in GitHub Desktop.
Save geraintluff/818eb8501fc95ce57b36 to your computer and use it in GitHub Desktop.
Small single HTML file that securely loads libraries (SHA256-verified). User can then drag files onto the page and they appear PGP-encrypted in a DropBox account.
data:text/html,%3Cbody%3E%3Cscript%3Efunction%20sha256(a)%7Bfunction%20b(a,b)%7Breturn%20a%3E%3E%3Eb%7Ca%3C%3C32-b%7Dfor(var%20c,d,e=Math.pow,f=e(2,32),g=%22length%22,h=%22%22,i=%5B%5D,j=8*a%5Bg%5D,k=%5B%5D,l=%5B%5D,m=0,n=%7B%7D,o=2;64%3Em;o++)if(!n%5Bo%5D)%7Bfor(c=0;313%3Ec;c+=o)n%5Bc%5D=o;k%5Bm%5D=e(o,.5)*f%7C0,l%5Bm++%5D=e(o,1/3)*f%7C0%7Dfor(a+=%22%5Cx80%22;a%5Bg%5D%2564-56;)a+=%22%5Cx00%22;for(c=0;c%3Ca%5Bg%5D;c++)%7Bif(d=a.charCodeAt(c),d%3E%3E8)return;i%5Bc%3E%3E2%5D%7C=d%3C%3C(3-c)%254*8%7Dfor(i%5Bi%5Bg%5D%5D=j/f%7C0,i%5Bi%5Bg%5D%5D=j,d=0;d%3Ci%5Bg%5D;)%7Bvar%20p=i.slice(d,d+=16),q=k;for(k=k.slice(0,8),c=0;64%3Ec;c++)%7Bvar%20r=p%5Bc-15%5D,s=p%5Bc-2%5D,t=k%5B0%5D,u=k%5B4%5D,v=k%5B7%5D+(b(u,6)%5Eb(u,11)%5Eb(u,25))+(u&k%5B5%5D%5E~u&k%5B6%5D)+l%5Bc%5D+(p%5Bc%5D=16%3Ec?p%5Bc%5D:p%5Bc-16%5D+(b(r,7)%5Eb(r,18)%5Er%3E%3E%3E3)+p%5Bc-7%5D+(b(s,17)%5Eb(s,19)%5Es%3E%3E%3E10)%7C0),w=(b(t,2)%5Eb(t,13)%5Eb(t,22))+(t&k%5B1%5D%5Et&k%5B2%5D%5Ek%5B1%5D&k%5B2%5D);k=%5Bv+w%7C0%5D.concat(k),k%5B4%5D=k%5B4%5D+v%7C0%7Dfor(c=0;8%3Ec;c++)k%5Bc%5D=k%5Bc%5D+q%5Bc%5D%7C0%7Dfor(c=0;8%3Ec;c++)for(d=3;d+1;d--)%7Bvar%20x=k%5Bc%5D%3E%3E8*d&255;h+=(16%3Ex?0:%22%22)+x.toString(16)%7Dreturn%20h%7Dvar%20r=new%20XMLHttpRequest,ACCESS_TOKEN=%22yNMSYeID2GkAAAAAAAAABpHNNgKxyw0HzGkBfV3h_0bMSXihPb4TYM8NIeewzFtF%22,PK_HASH=%22e6bef97866a85fa5a6e323635c8ffeae7cfe91a4875d5f1facf2a7f3dfd3d1fc%22,OPENPGP_HASH=%220c35b4f715bf455ee6c29e4b3005558e0d6ec1b67ddad4456f912b52abae2e31%22,STYLE_HASH=%2260cd4da761dbc28c13aa3d2d69253a3e9ece84ecc1085fccb6fcd07efeae91bc%22,code=%0D%0A(r.open('GET',%20'https://api-content.dropbox.com/1/files/auto/main.js?access_token='+ACCESS_TOKEN,!1),r.send(),code=r.responseText);%0D%0A(sha256(code)===%22842a1e3fbbd5c9cba69afb624c1b17e0095c2bd9e043da754982d2065f325ee3%22)?eval(code):alert('hash%20mismatch');%3C/script%3E%3C/body%3E

Credentials

These are the credentials used in the demo. The HTML page was generated by this tool using the access token and public key. The private key is included so you can verify whether things work.

Not properly tested in a range of environments.

DropBox access token

yNMSYeID2GkAAAAAAAAABpHNNgKxyw0HzGkBfV3h_0bMSXihPb4TYM8NIeewzFtF

PGP public key

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BCPG C# v1.6.1.0

mQENBFSh+h0BCADpnSFcrufSATGbxp8rap23UxAVhvrWQzxfw9frH1vcTObJ4LWU
lahEJDxWzC1trV79Ij7ALIyOyKbsbGd/7+kR97xXa36lHU/PY5M5bgLxVpzYgk0I
J/uuqWigVDQ4X0VJML1PZ67RXuvsiB1s43kRKaAszTcOZ65FvhNVJpGyGG5MEY+y
As+ylt7qEDtXb0NU5l+lhz9k9Wx45mLaNI8lmOKLlIGRBYlxdws6FnbNywx5hON9
5INAw+U5iIrVE+qUYu/nrm7KegzOETDLLyUXFGp0vD9ybO7ukyRD77ubKQbJ8Yvk
Dtw8jK95XxlcNZ3M6aA1rTLn2E63M38+rK4hABEBAAG0AIkBHAQQAQIABgUCVKH6
HQAKCRD+ZtGzRhjBrXJzB/4mEfudh1iSPz0morZ5fzdkQ7zG80TLjBbTnsz9ZLJB
6DLjSyNP/TlUWaE671kyBjSC8XobTPkYWqicxcjgn9WG4r32yvmwQY9lVQjylSQx
ryO4O1sD2Mhexx8kjLtT9hQ0hgwPmEsVeJYiY03989be9h2G8qxA9rlmQ5cci6Oi
GNcaeipa285IxANMnCsU1TQFvCiJHQqQ7F/WdYSFNfZsTqw6PXGW1VkvgFdF4vwJ
UFn9rZWfQCqV9jYQ6hOk5AVyuY+fdZoWtjE/ZIwvI2ond1MYw1mqiqfHM/QhVGe6
k5K9VTIORQw5W69wt7EGiJgNGc+Io0N2VTzunQOYtxKc
=kFYA
-----END PGP PUBLIC KEY BLOCK-----

PGP private key

Passphrase is 31C3.

-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: BCPG C# v1.6.1.0

lQOsBFSh+h0BCADpnSFcrufSATGbxp8rap23UxAVhvrWQzxfw9frH1vcTObJ4LWU
lahEJDxWzC1trV79Ij7ALIyOyKbsbGd/7+kR97xXa36lHU/PY5M5bgLxVpzYgk0I
J/uuqWigVDQ4X0VJML1PZ67RXuvsiB1s43kRKaAszTcOZ65FvhNVJpGyGG5MEY+y
As+ylt7qEDtXb0NU5l+lhz9k9Wx45mLaNI8lmOKLlIGRBYlxdws6FnbNywx5hON9
5INAw+U5iIrVE+qUYu/nrm7KegzOETDLLyUXFGp0vD9ybO7ukyRD77ubKQbJ8Yvk
Dtw8jK95XxlcNZ3M6aA1rTLn2E63M38+rK4hABEBAAH/AwMCleOBD7E0RwtgOoKa
pUHS1qOy2Kxl8GhdgYkKTXRthHr9UqNJbLaTXH0lbZ9PPqzMAJ+uP4tirenSAmbk
giPeavnHv3qgkkuiaG6rG7euUvfsQzNTwVvZAY6hzmo6LJ1IeS0St/HlYkFg/psF
/U7fooevpeCFcjcs74zfNHFK1RNGy0x6a/iccrsjCE8uxYGN+hnpFbJcQfCautzQ
LMW/T2/tu6nFKJ5tFUsMeo8+h4FVmnMtWvYfOkXJwKZZUOblauariTlkap5vas58
A2StquYwR+I1VVh1En4s+6cDW7/GFbZcnxz5mfg8xbqC+AkouS4bcmS3nvQRZqIL
84hG/N+H6w1p8fA6JkoF+BWtbdVIVuInHr4tPNwUfOeQAFm6s/f/RtiHqG1I0WU8
mFuTHYit+6oMla+fQ/Ln7/IXz3M+cx6yDe7Pm/tZYtM9nzdZlCwbmuhqD4lA66K6
g/VqqnBRf3LNxY1oGy9yHMGnFBLDK+vBDIeN2B6eVGasMFekgPPfhCXhCpJAAE55
aqQ4jkarW7v60g5Jsz0L8SuQepyzsKGlCCNzLcdzbCkHc5ZgTpQLzJeqr4/mXkNZ
hj5fZx/HMIIDoC2ZFRD4b/CHM0WvvlmNSpnpVy/qKHmKbsH5hkI8bWO8RNuJ4FPE
Ub5lNNQp04Wm0ZDonK3jex+Qi71sf+CQZQckNZBIqhL9aveBgqsZv4qO5FYoC27P
xIBXBYeIkhxBgc3+Inf4qRNNRxMyL06rKDwySvAntHjS8UJyToYXyoCpHNdzG29f
ApedaedxT8840/rO+VQENj/hf9sFMZFM/7aXY7XKg/Mk5LHX0ebiZ0Y7peIP6qAU
O8UO0BDJlKLLCI6hh92BsGKPpeDYWd7hxNObWUibW7QAiQEcBBABAgAGBQJUofod
AAoJEP5m0bNGGMGtcnMH/iYR+52HWJI/PSaitnl/N2RDvMbzRMuMFtOezP1kskHo
MuNLI0/9OVRZoTrvWTIGNILxehtM+RhaqJzFyOCf1YbivfbK+bBBj2VVCPKVJDGv
I7g7WwPYyF7HHySMu1P2FDSGDA+YSxV4liJjTf3z1t72HYbyrED2uWZDlxyLo6IY
1xp6KlrbzkjEA0ycKxTVNAW8KIkdCpDsX9Z1hIU19mxOrDo9cZbVWS+AV0Xi/AlQ
Wf2tlZ9AKpX2NhDqE6TkBXK5j591mha2MT9kjC8jaid3UxjDWaqKp8cz9CFUZ7qT
kr1VMg5FDDlbr3C3sQaImA0Zz4ijQ3ZVPO6dA5i3Epw=
=cQ+Q
-----END PGP PRIVATE KEY BLOCK-----
<body><script>function sha256(a){function b(a,b){return a>>>b|a<<32-b}for(var c,d,e=Math.pow,f=e(2,32),g="length",h="",i=[],j=8*a[g],k=[],l=[],m=0,n={},o=2;64>m;o++)if(!n[o]){for(c=0;313>c;c+=o)n[c]=o;k[m]=e(o,.5)*f|0,l[m++]=e(o,1/3)*f|0}for(a+="\x80";a[g]%64-56;)a+="\x00";for(c=0;c<a[g];c++){if(d=a.charCodeAt(c),d>>8)return;i[c>>2]|=d<<(3-c)%4*8}for(i[i[g]]=j/f|0,i[i[g]]=j,d=0;d<i[g];){var p=i.slice(d,d+=16),q=k;for(k=k.slice(0,8),c=0;64>c;c++){var r=p[c-15],s=p[c-2],t=k[0],u=k[4],v=k[7]+(b(u,6)^b(u,11)^b(u,25))+(u&k[5]^~u&k[6])+l[c]+(p[c]=16>c?p[c]:p[c-16]+(b(r,7)^b(r,18)^r>>>3)+p[c-7]+(b(s,17)^b(s,19)^s>>>10)|0),w=(b(t,2)^b(t,13)^b(t,22))+(t&k[1]^t&k[2]^k[1]&k[2]);k=[v+w|0].concat(k),k[4]=k[4]+v|0}for(c=0;8>c;c++)k[c]=k[c]+q[c]|0}for(c=0;8>c;c++)for(d=3;d+1;d--){var x=k[c]>>8*d&255;h+=(16>x?0:"")+x.toString(16)}return h}var r=new XMLHttpRequest,ACCESS_TOKEN="yNMSYeID2GkAAAAAAAAABpHNNgKxyw0HzGkBfV3h_0bMSXihPb4TYM8NIeewzFtF",PK_HASH="e6bef97866a85fa5a6e323635c8ffeae7cfe91a4875d5f1facf2a7f3dfd3d1fc",OPENPGP_HASH="0c35b4f715bf455ee6c29e4b3005558e0d6ec1b67ddad4456f912b52abae2e31",STYLE_HASH="60cd4da761dbc28c13aa3d2d69253a3e9ece84ecc1085fccb6fcd07efeae91bc",code=
(r.open('GET', 'https://api-content.dropbox.com/1/files/auto/main.js?access_token='+ACCESS_TOKEN,!1),r.send(),code=r.responseText);
(sha256(code)==="842a1e3fbbd5c9cba69afb624c1b17e0095c2bd9e043da754982d2065f325ee3")?eval(code):alert('hash mismatch');</script></body>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment