digg

Join DiggAbout

Discover and share the best of the web!
Learn more about Digg by taking the tour.

Encrypt and sign Gmail messages with FireGPG

applications.linux.com — Gmail may be an excellent Web-based email application, but there is no easy way to use it with privacy tools like GnuPG. The FireGPG extension for Firefox is designed to solve this problem. It integrates nicely into Gmail's interface and allows you to sign and encrypt not only email messages but also text snippets from any Web page.

Bury
show profanity settings
expand all
  • hiPpymIck, on 10/11/2007, -14/+4free easypeasy encypted email
    https://www.hushmail.com/welcome-upgrade
    recommended by PZimmerman (creator of PGP)

    but small inbox and you have to visit every 3 wks

    i heard Leo Laporte cajoling Steve Gibson to use it on Security Now - he reckoned you need lots of ppl to use encrypted email all the time
    ..to make an individual encrypted email not stand-out

    dont want to lose the right to email privacy by not exercising it

    so im hoping this will help

    • Frost9999, on 10/11/2007, -5/+11It's a nice enough idea to have such a plugin, but practically nobody uses encryption because key management is such a pain.
    • Derrekito, on 10/11/2007, -1/+1PGP lost my keys, and now I have encrypted data I cannot access :(.
    • sockpuppets, on 10/11/2007, -2/+1Owway itway eallyray orksway!
  • snype, on 10/11/2007, -2/+13Just thought I'd share the firefox extension directly for firegpg: http://firegpg.tuxfamily.org/index.php?page=home&lang=en

    • ISIfunded911, on 10/11/2007, -2/+25Just want to share why this extension is an illusion (as someone on Linux.com noted): as you type, gmail automatically saves a draft every few minutes, before you've had time to encrypt your message.
      With this extension, your mails are on google's servers, unencrypted.
      As the CIA funded google at the start...
      You'd better use Thunderbird with the enigmail extension:
      http://enigmail.mozdev.org/
    • vvaduva, on 10/11/2007, -3/+4"With this extension, your mails are on google's servers, unencrypted."

      Yes, but not if you type the message in another app such as notepad and then paste it into GMail to encrypt it immediately. I still see some usefulness for this, even though it doesn't seem to support PGP keys.
    • mcdett, on 10/11/2007, -0/+1@ Tkn00b: pgp.mit.edu

      @ ajs1: I agree with everything you say, but simply this plug-in allows for easier use of protecting the data in transit. One can always first write their message in a text program, encrypt the clipboard contents with this extension and paste it in a new email message (never saved on gmail as an unencrypted draft). I know it has another step.

      I still enjoy the mac's mail client with the gpg extensions: http://www.sente.ch/software/GPGMail/

      the above makes use of keys, decrypting/encrypting trivial!



      mcd
    • Derrekito, on 10/11/2007, -0/+2"As the CIA funded google at the start..."

      really??? I never heard that before
    • 3dom, on 10/11/2007, -0/+3"As the CIA funded google at the start..."
      After a quick bit of research it seems this rumour is quite easily traced back to an interview with an ex-CIA agent with Alex Jones of prisonplanet.com, a website devoted to promoting conspiracy theories.
      If you have any other sources I'd quite like to see them.
  • idevlabsdotcom, on 10/11/2007, -3/+40I work for the government and I just want to express my disappointment because now my job of reading all your emails will be so much harder.
  • stimpack, on 10/11/2007, -2/+10I use it to sign my messages out of sheer bloody-mindedness, noone I know uses GPG so its wasted, but goddamn I want to sign my stuff!.
    • michael003, on 10/11/2007, -1/+4Likewise. I sign my messages on principle, even though nobody else uses it.
    • scagnetti, on 10/11/2007, -2/+1Like michael003 says, nobody uses it. I imagine the main reason is because nobody understands what it all means and how it's supposed to work. What this technology needs isn't a Dummies book, but a dummies crib sheet that breaks it down for Average Joe. Another reason, I think, sigs and encryption don't work is because in many environments you can't trust the availability of Certificate Authorities. It don't think it's their fault necessarily, but they're all at the mercy of the networks they ride over. If Average Joe can't contact the CA to retrieve a key, that encrypted message he just received is nothing more than goo. Overall a good idea, but there's work to be done.
  • cha0sFB, on 10/11/2007, -3/+1Yeah the average Joe could care less about this... But it's a good option to have nonetheless ^^
  • mcpaige, on 10/11/2007, -1/+2What about Mailplane ? http://mailplaneapp.com/
  • timmytheraw, on 10/11/2007, -11/+6for the latest in digg news, visit yesterdays slashdot


    i only wrote this because some people will actually be insulted by my comment, and I find that odd/funny

  • plnB, on 10/11/2007, -4/+1Doesn't work with hebrew chars (they need to add unicode support or something)
  • AJS1, on 10/11/2007, -2/+0Like some of the comments within the article this plug in is not that secure. This plug only allows for two of the three security fundamentals to be met:

    Integrity: Once email is encrypted and transmitted to recipient there is not chance that the message will be modified without corrupting the cipher.
    Authentication: Signing the email verifies that the sender is who they say they are.

    Unfortunately the most important security fundamental is missed or at least not fully met. Confidentiality. Yes when you click send and the email is encrypted and transmitted, it is secure until the recipient decrypts it. The insecurity revolves around one of the handy features gmail offers; auto-saving drafts. Until you actually encrypt and send the email, your message is periodically being transmitted in cleartext over the the Internet to google. Now if you are only concerned that your recipient is being monitored then it is not really a problem, however if you are are concerned your work or ISP is listening in, you have no privacy with this system.

    A notable mention as well; the retention of data on google's servers is already scary enough. So even if you are using this email encryption tool to maintain a comfortable level of privacy and security.... remember, those auto-saved drafts are still sitting in a google datacenter near you. Unencrypted! And it is only a matter of time until Patriot Act 2.5 comes out and Google is forced to bend over.
  • TKn00b, on 10/11/2007, -1/+1Anyone know of a good popular key server?
    • Kitsune818, on 10/11/2007, -0/+1http://pgp.mit.edu/ ?
    • cdmarcus, on 10/11/2007, -0/+2It doesn't matter what server you upload to, they all share keys with each other anyway. I've uploaded mine to keyserver.ubuntu.com, and I just checked, and it's on pgp.mit.edu as well.
  • CoolWind, on 10/11/2007, -2/+2shouldn't this be filed under Linux? don't make non linux users waste their time on linux only software.
    • TKn00b, on 10/11/2007, -0/+2you can use this with windows. you need to download a windows binary of GnuPGP, and then point FireGPG to the directory you installed it to. Next, you will have to generate a key pair using the "gpg.exe --gen-key" command.
  • tanto, on 10/11/2007, -3/+1Hackers hijacking your Gmail account using a technique called Cross Site Request Forgery (CSRF), Techniques requires that you click a link on a dummy hacker site, spam mail or a pop up ad while logged into your Gmail account. This action can transplant a digital spy in the form of a cookie or java script code into your PC. When your Gmail account is open, this digital spy tricks your web browser into sending an invisible request to Gmail servers.

    Is Gmail Hacker Proof?
    http://customerdataplus.com/blog/?p=28
  • ps3udov3ctor, on 10/11/2007, -0/+1with tools like this, where encryption is done easily, using a popular mail package, more and more people will become more comfortable with concepts of encryption. sometime in the future digital signing with or without encryption (even possibly coordinated with biometrics) will be the standard.
  •  

    Login or register to add a comment

    Create a new account or login to join in the conversation on Digg. You'll also be able to Digg stories to help promote things you like.


© Digg Inc. 2008 — Content posted by Digg users is dedicated to the public domain.
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.