> So the security is essentially as strong as the Confluence User security?
There are two main types of security provided by the plugin, gpg key pair encryption and user access control.
The user access control is only as good as Confluence security, except that you can additionally ask for a password.
The gpg encryption is as good as your private key management. There is a new option that allows users to decrypt without installing gpg on their local machine, however they still require the private key and passphrase.
With regards to gpg as a browser api, I am not sure what progress has been made. For this application, if you use the in-browser decryption, it appears that the decryption is done server side. I'm not sure what the security implications of that would be, although I would want to be using a secured connection at the least.
There are two main types of security provided by the plugin, gpg key pair encryption and user access control.
The user access control is only as good as Confluence security, except that you can additionally ask for a password.
The gpg encryption is as good as your private key management. There is a new option that allows users to decrypt without installing gpg on their local machine, however they still require the private key and passphrase.
With regards to gpg as a browser api, I am not sure what progress has been made. For this application, if you use the in-browser decryption, it appears that the decryption is done server side. I'm not sure what the security implications of that would be, although I would want to be using a secured connection at the least.