@myobie
Last active March 3, 2021 21:32

Previewing encrypted content on the web

This would be an extension to The Open Graph protocol.

As more and more people use privacy-preserving tools for sharing content on the web, more content embedded into web pages will be end-to-end encrypted and decrypted in-browser by JavaScript or WebAssembly code.

A current problem with previews of web URLs is they require the server to know the exact contents of the URL and be able to provide a preview as a resource either inside a header or as a URL to an image. If the primary content at the URL were encrypted, no preview could be provided directly by the server.

What the server could provide is an encrypted preview, encrypted with a symmetric key by the original creator using one of the standard algorithms provided by the Web Crypto API. The browser/client could then find the decryption key in the URL fragment (or prompt the user for it) and decrypt the preview content safely on device. This would provide a standard way to quickly preview URLs containing encrypted content without the server needing to know the contents of the document.

An example URL could be:

https://example.com/private/document-1#A256GCM:nslsfhsdblweklsbsd7b

The document it returns could provide the standard <meta> tags with encrypted contents (using data URIs for images):

<!-- ... -->
<meta property="og:title" content="crypto:AES-GCM:128:kjsfywrjkkjsnfl">
<meta property="og:image" content="data:image/gif;crypto:AES-GCM:128,sdlkjfklsndfyhserlkjlksfj">
<!-- ... -->

or

<!-- ... -->
<meta property="og:title" content="kjsfywrjkkjsnfl" algo="AES-GCM:128">
<meta property="og:image" content="data:image/gif;base64,sdlkjfklsndfyhserlkjlksfj" algo="AES-GCM:128">
<!-- ... -->

The browser/client could transparently decrypt and show the preview content using the client-only symmetric key in the URL.
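A sketch of the creator and client sides for the first `og:title` form above, using the Web Crypto API. This is an added example, not part of the proposal: the proposal does not define encodings, so it assumes base64url for the key and payload, a payload laid out as a 12-byte IV followed by ciphertext and tag, and `128` meaning the GCM tag length in bits. All function names are hypothetical.

```javascript
// Added example, not part of the proposal. Assumed wire format: base64url key
// and payload, payload = 12-byte IV || ciphertext || tag, "128" = GCM tag bits.
const enc64 = (bytes) => btoa(String.fromCharCode(...bytes))
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const dec64 = (s) => Uint8Array.from(atob(s.replace(/-/g, '+').replace(/_/g, '/')), (ch) => ch.charCodeAt(0));
// Browsers and recent Node expose globalThis.crypto; older Node needs the import.
const getCrypto = async () => globalThis.crypto ?? (await import('node:crypto')).webcrypto;
// The fragment is never sent in the HTTP request, so the key stays client-side.
function parseKeyFragment(url) {
  const m = /^#A(128|256)GCM:([A-Za-z0-9_-]+)$/.exec(new URL(url).hash);
  if (!m) return null;
  const raw = dec64(m[2]);
  return raw.length * 8 === Number(m[1]) ? raw : null; // key size must match label
}
function parseEncryptedContent(content) {
  const m = /^crypto:AES-GCM:(\d+):([A-Za-z0-9_-]+)$/.exec(content);
  if (!m) return null;
  const bytes = dec64(m[2]);
  return { tagLength: Number(m[1]), iv: bytes.slice(0, 12), data: bytes.slice(12) };
}
// Creator side: a fresh random IV per preview, prepended to the ciphertext.
async function encryptPreview(rawKey, text) {
  const c = await getCrypto();
  const key = await c.subtle.importKey('raw', rawKey, 'AES-GCM', false, ['encrypt']);
  const iv = c.getRandomValues(new Uint8Array(12));
  const ct = await c.subtle.encrypt({ name: 'AES-GCM', iv, tagLength: 128 }, key,
    new TextEncoder().encode(text));
  return 'crypto:AES-GCM:128:' + enc64([...iv, ...new Uint8Array(ct)]);
}
// Client side: returns the plaintext, or null when the key or content is unusable
// or the GCM tag check fails (wrong key, or ciphertext modified after creation).
async function decryptPreview(pageUrl, content) {
  try {
    const rawKey = parseKeyFragment(pageUrl);
    const p = parseEncryptedContent(content);
    if (!rawKey || !p) return null;
    const c = await getCrypto();
    const key = await c.subtle.importKey('raw', rawKey, 'AES-GCM', false, ['decrypt']);
    const pt = await c.subtle.decrypt({ name: 'AES-GCM', iv: p.iv, tagLength: p.tagLength }, key, p.data);
    return new TextDecoder().decode(pt);
  } catch { return null; }
}
async function demo() { // constructed sample key and title
  const rawKey = (await getCrypto()).getRandomValues(new Uint8Array(32));
  const base = 'https://example.com/private/document-1#A256GCM:';
  const meta = await encryptPreview(rawKey, 'Q3 budget draft');
  return { ok: await decryptPreview(base + enc64(rawKey), meta),
    wrongKey: await decryptPreview(base + enc64(new Uint8Array(32)), meta) };
}
```

Because AES-GCM is authenticated, a preview that the server or an intermediary has altered fails decryption and yields no preview rather than attacker-chosen text.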
