Encrypted contact forms for WordPress

Alex Günsche · November 27, 2006

We are happy to announce the release of our next great WordPress plugin. It is called Subrosa and it is a snap-in for various WordPress contact forms to allow Public Key encryption of confidential messages. What this is and what the benefits are, is explained very well in a Wikipedia article.

The plugin is tested with the legacy WP Contact Form by Ryan Duff and with Contact Form ][ by Chip Cuccio. But others should work, too.

You can read more about the plugin on its description page, where you will also find the download.

To see a demonstration of the plugin, visit our contact form.

This plugin is based on the work of a couple of other authors. I want to especially thank Herbert Hanewinkel, who did not only do most of the JavaScript implementations of the cryptographic algorithms, but who also helped me with the development of this plugin. Not to forget that much of the frontend stuff is derived from his insightful online demo.

Feed for this post Categories: Software

10 comments on “Encrypted contact forms for WordPress”

  1. Michael Moore on November 28, 2006 at 09:15 #

    You can’t use JavaScript for protection

    http://neosmart.net/blog/archives/193

    I found this link in less than 2 seconds, it was on a ha.ckers.org post. It explains fully why these methods will never work.

  2. Alex Günsche on November 28, 2006 at 11:05 #

    Hello “Michael Moore”,

    I’m afraid you didn’t understand what this is about. The article you mention is about protecting e-mail-adresses from being harvested by spammers. This has nothing to do with real encryption. We’re talking about protecting a message with special methods, so that even the CIA won’t read your message within the next 100 years.

  3. Alan J Castonguay on November 29, 2006 at 02:13 #

    I never would have expected that Javascript was fast enough to do the math required for PKI in a reasonable amount of time. Apparently that assumption was incorrect, and thus, this is really cool.

  4. Alex Günsche on November 29, 2006 at 11:50 #

    I never would have expected that Javascript was fast enough to do the math required for PKI in a reasonable amount of time.

    Me neither. ;-) I had been searching for something like this for quite a time on the web, and I was very impressed when I first saw Mr. Hanewinkel’s implementation.

  5. Romerican on November 29, 2006 at 13:25 #

    The CIA might not read it in 100 years, but you can bet that perpetual cat-and-mouse will allow the NSA to read it within 10 years (and that’s assuming they don’t actually target you actively). Even though encryption merely buys you a little time, I’m very glad you’ve shared this plugin. I’ll try it out.

  6. http://www.cregy.co.uk/ on December 1, 2006 at 09:12 #

    Encrypted Contact Form…

    From the website:
    We are happy to announce the release of our next great WordPress plugin. It is called Subrosa and it is a snap-in for various WordPress contact forms to allow Public Key encryption of confidential messages. What this is and what the b…

  7. dude on December 2, 2006 at 21:52 #

    So what´s the real benefit?
    I thought this might protect any contact forms, but it doesnt, does it?

  8. Alex Günsche on December 3, 2006 at 11:38 #

    Hey dude, how about putting that fancy cigaret aside and asking your question once again? ;-)

  9. matt on June 26, 2007 at 18:10 #

    Thanks for this, if you combine this with a free email cert from Thawte or enigmail then you have user-agent to server to webmaster encryption without the need for SSL.
    This can also be adapted to protect your session variables and sensitive cookie data from being replayed, with a few tweaks.
    Very useful

  10. Alex Günsche on June 27, 2007 at 11:49 #

    Cool, Thawte offers free e-mail certificates? How can I get one?
    edit: I found it! I’ll check it out.

Comment on this article

 (not published)


Comments can be revised for 30 minutes after publishing.