Absolutely No Machete Juggling

What Is This?

This is a bookmarklet that will allow you to store private sites a bookmark manager like Google Browser Sync.

What Does That Mean?

Google Browser Sync is a way of sharing browser data, like bookmarks, across all of the computers you use. It's a Firefox browser extension, and it works like a charm. The data is encrypted when transferred, and according to Google, the data is stored in Google's data center in a way that even Google employees can't see it.

Unfortunately, the extension code is (mostly) compiled, which makes it extremely difficult to verify that your browser data is actually stored in a way such that only you can decrypt it. Of course, I like to trust Google (and I want to work there *HINT*), but the fact that I can't view the source code makes me nervous about using Browser Sync on my desktop machine, since I store URLs there that I don't want anyone seeing, such as private torrent tracker sites. Er, I mean, uh, legal torrent, um, sites, er, with Linux distributions and, uh, creative-commons music.

What tinfoil-hat-wearing lunatics like myself need is way of storing bookmarks to super-private urls in a way so that the bookmark stored doesn't give away the actual url.

How Does This Work?

The short version is that, instead of storing the url to a Super-Private Site, you store a javascript bookmarklet. This bookmarklet stores an encrypted version of the URL. It asks you for your decryption key, decrypts the encrypted version of the URL, then loads the address bar with the decrypted URL. The en/decryption algorithm being used in my implemention is the Tiny Encryption Algorithm.

Of course, the real tricky bit is that I actually need a bookmarklet that will GENERATE these bookmarklets for me. That's the bookmarklet I am providing.

Drag this link to your bookmarks:
[Encrypt-Bookmark This Page]

How Do I Use It?

Once you've dragged the above bookmark into your bookmarks, all you have to do is click it whenever you're at a page you want to bookmark in an encrypted way. It will prompt you for your encryption key. Provide one and hit okay. The page will be replaced by a page giving you A NEW BOOKMARKLET, which you can then drag to your bookmarks as well.

When you click THAT bookmarklet, you will be prompted for your decryption key. Provide the same key as before, and your secret site will load.

What Does The Code Look Like?

/*
    TEA JavaScript Implementation Copyright Chris Veness:
    http://www.movable-type.co.uk/scripts/tea-block.html
*/
 
function TEAencrypt(plaintext, password)
{
  if (plaintext.length == 0) return('');
  var asciitext = escape(plaintext).replace(/%20/g,' ');
  var v = strToLongs(asciitext);
  if (v.length <= 1) v[1] = 0;
  var k = strToLongs(password.slice(0,16));
  var n = v.length;
 
  var z = v[n-1], y = v[0], delta = 0x9E3779B9;
  var mx, e, q = Math.floor(6 + 52/n), sum = 0;
 
  while (q-- > 0) {
    sum += delta;
    e = sum>>>2 & 3;
    for (var p = 0; p < n; p++) {
      y = v[(p+1)%n];
      mx = (z>>>5 ^ y<<2) + (y>>>3 ^ z<<4) ^ (sum^y) + (k[p&3 ^ e] ^ z);
      z = v[p] += mx;
    }
  }
 
  var ciphertext = longsToStr(v);
 
  return escCtrlCh(ciphertext);
}
 
function TEAdecrypt(ciphertext, password)
{
  if (ciphertext.length == 0) return('');
  var v = strToLongs(unescCtrlCh(ciphertext));
  var k = strToLongs(password.slice(0,16));
  var n = v.length;
 
  var z = v[n-1], y = v[0], delta = 0x9E3779B9;
  var mx, e, q = Math.floor(6 + 52/n), sum = q*delta;
 
  while (sum != 0) {
    e = sum>>>2 & 3;
    for (var p = n-1; p >= 0; p--) {
      z = v[p>0 ? p-1 : n-1];
      mx = (z>>>5 ^ y<<2) + (y>>>3 ^ z<<4) ^ (sum^y) + (k[p&3 ^ e] ^ z);
      y = v[p] -= mx;
    }
    sum -= delta;
  }
 
  var plaintext = longsToStr(v);
 
  plaintext = plaintext.replace(/\0+$/,'');
 
  return unescape(plaintext);
}
 
function strToLongs(s) {
  var l = new Array(Math.ceil(s.length/4));
  for (var i=0; i<l.length; i++) {
    l[i] = s.charCodeAt(i*4) + (s.charCodeAt(i*4+1)<<8) +
         (s.charCodeAt(i*4+2)<<16) + (s.charCodeAt(i*4+3)<<24);
  }
  return l;
}
 
function longsToStr(l) {
  var a = new Array(l.length);
  for (var i=0; i<l.length; i++) {
    a[i] = String.fromCharCode(l[i] & 0xFF, l[i]>>>8 & 0xFF,
                   l[i]>>>16 & 0xFF, l[i]>>>24 & 0xFF);
  }
  return a.join('');
}
 
function escCtrlCh(str) {
  return str.replace(/[\0\t\n\v\f\r\xa0'"!]/g, function(c) {
    return '!' + c.charCodeAt(0) + '!';
  });
}
 
function unescCtrlCh(str) {
  return str.replace(/!\d\d?\d?!/g, function(c) {
    return String.fromCharCode(c.slice(1,-1));
  });
}
 
input=window.location;
key=prompt("Pick an encryption key (you must type this every time you load the bookmark)");
sitename=window.document.title;
 
encrypted=TEAencrypt(input,key);
the_code=TEAencrypt.toSource() + TEAdecrypt.toSource() + strToLongs.toSource() +
  longsToStr.toSource()+ escCtrlCh.toSource() + unescCtrlCh.toSource();
 
the_code=the_code.replace(/\"/g,"'");
 
document.write("Bookmark this link:<br/>[<a href=\"javascript:"+ the_code +
  "; key=prompt('What is your decryption key?'); decrypted=TEAdecrypt('"+
  encrypted+"', key); window.location=decrypted;\">"+sitename+"</a>]");

This was more of a pain in the ass to write than it looks, trust me. The fact that no syntax highlighter (including the one above) can comprehend the code well enough to even highlight it should illustrate why.

This Is Stupid. What Kind Of Crazy Person Is This Paranoid?

Me. I love the new trend toward social sharing on the internet, but some of the privacy issues make my neckhair stand on end. I love the convenience of things like del.icio.us and Google Browser Sync, but the fact that I'm storing stuff somewhere other than my own machine makes me nervous. It's an adjustment I'm still making, and until I'm fully adjusted I need to create crap like this to help me relax.

This bookmarklet is for everyone out there in the same boat.