Tuesday 5 June 2007

PGP Encryption with Gmail and Firefox

Now, I have never used PGP for my e-mails. But recently the question came up with a friend of mine: he has been using PGP to encrypt his mail for quite a while, and he asked me whether there was a way to do this with Gmail, so I could send him encrypted and signed e-mails and vice versa.

What is PGP (Pretty Good Privacy) anyway? By applying the OpenPGP standard, one can provide cryptographic privacy and authentication for e-mail. Simply explained, it works this way: you give whoever wants to mail you a public key, which can be used to garble the mail message so that it can only be read with your secret key. Your secret key should always remain known only to you.

So to actually start sending someone encrypted mail, you will need his/her public key and a program that will encrypt the mail using the key. Common offline mail clients have many plug-ins that support PGP, but until lately there were none for webmail applications.

In my search for a way to encrypt Gmail using PGP I found quite a few possibilities, but most use JavaScript combined with the Greasemonkey extension for Firefox. This is clumsy though, since the reason for using encryption at all is thwarted, as you have to enter your secret/private key into the browser (Eeek!).

FireGPG to the rescue! This extension enables the use of PGP to encrypt your e-mail with Gmail. The extension alone won't do a lot though. You will need to install GnuPG on your favorite operating system, along with some kind of GUI frontend to create your own public/secret key pair and to add the public keys of the people you want to mail. On Linux platforms this is easily done, and there are ways for Windows as well. GnuPG is available for Windows (see "Binaries" in the Download section). WinPT is a small frontend for GnuPG.
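What GnuPG does underneath FireGPG, as an added example (not from the original post or the FireGPG project): two throwaway keyrings exchange public keys, one signs and encrypts a message to the other, and a third keyring without the secret key fails to decrypt it. The user IDs, the message and the passphrase-less keys are assumptions made for the demo, and the commands assume GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example: sign+encrypt round trip with GnuPG in throwaway keyrings.
# User IDs are constructed; keys have no passphrase, for the demo only.
g() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

new_keyring() {   # create a private, empty GnuPG home and print its path
  local d; d=$(mktemp -d) && chmod 700 "$d" && echo "$d"
}

make_key() {      # make_key <home> <user-id>: generate a public/secret key pair
  g --homedir "$1" --quick-generate-key "$2" default default never 2>/dev/null
}

share_pubkey() {  # share_pubkey <from-home> <to-home> <user-id>: public half only
  g --homedir "$1" --armor --export "$3" | g --homedir "$2" --import
}

encrypt_for() {   # encrypt_for <sender-home> <recipient-id>; stdin -> armored stdout
  # --trust-model always skips key validation; in real use, check the
  # recipient's fingerprint with them before trusting an imported key.
  g --homedir "$1" --trust-model always --armor \
    --sign --encrypt --recipient "$2"
}

decrypt_as() {    # decrypt_as <home>; stdin -> plaintext, non-zero exit on failure
  g --homedir "$1" --trust-model always --decrypt 2>/dev/null
}

roundtrip() {     # prints "<Bob's plaintext>|<Eve's outcome>"
  local alice bob eve msg ct out d
  alice=$(new_keyring); bob=$(new_keyring); eve=$(new_keyring)
  make_key "$alice" 'Alice Example <alice@example.org>'
  make_key "$bob"   'Bob Example <bob@example.org>'
  share_pubkey "$bob" "$alice" bob@example.org      # Alice can now encrypt to Bob
  share_pubkey "$alice" "$bob" alice@example.org    # Bob can now verify Alice
  msg='Meet at noon.'
  ct=$(printf '%s' "$msg" | encrypt_for "$alice" bob@example.org)
  out=$(printf '%s\n' "$ct" | decrypt_as "$bob")
  # Eve holds the ciphertext but no secret key, so decryption must fail.
  if printf '%s\n' "$ct" | decrypt_as "$eve" >/dev/null; then out="$out|eve-read-it"
  else out="$out|eve-failed"; fi
  for d in "$alice" "$bob" "$eve"; do
    gpgconf --homedir "$d" --kill gpg-agent 2>/dev/null || true; rm -rf "$d"
  done
  echo "$out"
}

roundtrip   # prints: Meet at noon.|eve-failed
```

Only the public halves ever leave a keyring here; the secret keys stay in their own GnuPG home, outside the browser.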

Why all the bother? Sometimes there are mails that you don't want anyone but the recipient to read. Using PGP is a safe way and about the best thing you will get, short of military-grade encryption. It's nice to know your mail is safe from nosy fingers.

Add from original post:
Apart from my personal investigation, this matter has started to gain a little momentum after a post on Slashdot (http://it.slashdot.org/article.pl?sid=07/06/04/1439208) and a note on Lifehacker (http://www.lifehacker.com/software/encryption/-265870.php). The original article on linux.com (http://applications.linux.com/article.pl?sid=07/05/31/1643208) goes into detail about how to do this on a Linux-driven machine, but it can be done on both Windows and Mac OS X platforms as well, as you can see on the FireGPG site.

Also, FireGPG just turned 0.4.4 with some minor changes. Be sure to pay a visit to the forum if you have any additional requests, bug reports, etc.

Also there are some things to consider that need improvement:

  • No inline decryption yet as soon as you open a message. This can possibly cause problems with message threads, since searching for encrypted content takes time. There is a handy "Decrypt this mail" button, which will launch the decrypted content in a new window.
  • Large amounts of encrypted content take considerably longer. Long content is also clipped in Gmail, so you need to open the message in a new window and mark all the content that you want to decrypt. With short messages this is not a problem, since there is a simple "Decrypt this mail" button at the end in the overview.
  • No support for sending encrypted mail to multiple recipients who use PGP.
