| I have considered, and even worked on, a Chrome extension for this exact purpose. Some hurdles I discovered: * Websites do weird things with textareas. If it's a plain-ol HTML form, it's pretty easy to intercept and do what you want. It seems most websites intercept button clicks then pass your text around to twenty different JS functions and libraries before doing something useful with it. You wind up writing code to handle edge-cases more than anything else. * To address your final comment, embedding the pubkey inside the text would defeat the entire purpose. A malicious actor (see recent Reddit controversy) can just create their own pubkey, sign the modified comment with it, and noone would be the wiser. Some things I discovered, and found worked well: * Keybase has a fantastic library for generating PGP keypairs in-browser. It really added that extra bit of "magic" to the extension. * Chrome extensions can get CORS exemptions on a per-website basis, and uploading to a standard SKS keyserver is just a POST request that can be done by Javascript. * Expanding on the last bullet point, verifying other user's comments was tricky. During development, I just downloaded all keys on the keyserver that were uploaded by my extension on a scheduled interval and stored them in localstorage. Unfortunately, I don't think this would scale. If anyone is interested in picking up where I left off, I could upload the source to Github. |