
How to support PGP encryption in Gmail - conorpp
http://conorpp.com/blog/How-to-support-PGP-encryption-in-Gmail/
======
kweks
It's worth mentioning Mailvelope (
[https://www.mailvelope.com/](https://www.mailvelope.com/) )

\- Free \- Supported in FF / Chrome \- Supports Gmail, Yahoo, Outlook and GMX

I've been using it extensively for about 12 months now. It's solid,
unobtrustive, and just .. works.

Decryption of attachments would be nice, but it's definitely not a deal
breaker.

~~~
mikekchar
Signing of encrypted messages is not supported at the moment. Unfortunately
that's a deal breaker for me :-( But it _does_ look very nice.

~~~
kweks
Plain vanilla signing obviously works, and you could (and can, according to a
quick check) - just paste your encrypted message back into the window and sign
it (unless I grossly mis-understand signing, which I might do..)

------
arat
At the moment, end-to-end is NOT production ready, and will likely undergo
further hardening in the coming months. Use at your own risk.

~~~
DrewHintz
I agree that it's not yet ready for general use, but what hardening do you
expect to happen in the coming months?

I'm one of the original end-to-end authors, but haven't worked on it recently.

~~~
koto1sa
I'm an developer on E2E team as well and can confirm that there's no
'hardening' going on. E2E is, to the best of our knowledge and we have
expressed what that exactly means in our threat model:
[https://github.com/google/end-to-end/wiki/Threat-
model](https://github.com/google/end-to-end/wiki/Threat-model). E2E is under
Google VRP ([https://www.google.ch/about/appsecurity/reward-
program/](https://www.google.ch/about/appsecurity/reward-program/)), so if
you're aware of any vulnerabilities, let us know.

E2E extension is not production ready, but I myself am using the compiled
version as it is, in my biased opinion, the most secure of existing PGP-in-
the-browser extensions.

------
tristor
What is so terrible for people about using an email client? I find using the
Gmail web interface to be frustrating because they've removed the ability to
pop out the compose view into it's own window, so I can't easily reference
information in another browser tab while writing an email for instance.
Meanwhile, Gmail has excellent IMAP support, which lets me use Thunderbird +
Enigmail to get excellent PGP support.

~~~
arjie
Nothing is terrible, I suppose, but in the web client I personally enjoy the
fast search, filtering, labeling, split pane smart inboxes, integration with
Calendar, modal keyboard shortcuts (they aren't operative when you're typing
in a text box but are active otherwise) and non-intrusive threading
(conversation-view).

The fact that all this is the same on my Macbook Pro, on my Arch Linux
desktop, or when I reboot to Windows, without any effort on my part to
synchronize settings makes this all rather excellent.

~~~
jagermo
Same here. I use at least 2 PCs as well as mobile Systems. I love to have the
same data everywhere without having to sync something.

That beeing said, I wouldn't mind running my own webmailer as long as it has
most of the google apps/office 365 features.

I'm hoping for mailpile myself even if it still takes some time.

------
edent
At the moment, I use the Mailvelope extension.

[https://www.mailvelope.com/](https://www.mailvelope.com/)

Excellent in Chrome - a bit slow in Firefox.

~~~
leni536
There is WebPG too:

[https://www.webpg.org/](https://www.webpg.org/)

It wraps around your existing gnupg installation.

------
viraptor
FAQ is a bit confusing. They say there's only one keyring, but at
[https://github.com/google/end-to-
end/wiki/Keyring](https://github.com/google/end-to-end/wiki/Keyring) they
admit it was not a great idea and that they're splitting the responsibilities.

Based on the last planned implementation (External Key Manager (GnuPG bridge,
other hardware, network oracle etc..)), I hope it will "just work" with
hardware keys.

~~~
koto1sa
One of the developers here:

Yes, the Keyring reimplementation is in progress and ends very soon. After the
redesign, applications built on top of E2E library will be able to use
different sources of both public and private keys (so it's easy to do
integrations with GnuPG, hardware keys HKP, or e.g. Facebook).

The API will be similar to what's in [https://github.com/google/end-to-
end/wiki/Keyring](https://github.com/google/end-to-end/wiki/Keyring).

~~~
mikekchar
One thing that is currently missing from E2E (as far as I can tell having
played with it a little in the last month) is any kind of web of trust. When I
import a key, I can't tell if it has been signed by me or someone I trust. Is
this on the radar for the UI after the Keyring reimplementation is finished?

At the moment, what we've suggested at our work is that people manage keys in
GPG and then only export keys into E2E if they trust them. But it would be
nice be able to do those kinds of things in E2E (or at least be able to tell
if a key was signed by me).

BTW, thanks for working on this!

~~~
koto1sa
See [https://github.com/google/end-to-end/wiki/Key-
Distribution](https://github.com/google/end-to-end/wiki/Key-Distribution). In
short, we don't invest much into WoT.

~~~
timboslice
After giving that a read, I'm happy that there are people way smarter than me
working on these problems. Kudos to your efforts!

------
jaaron
The fact that you lose your draft when the window loses focus kills it for me.

------
chromano
There's no way I'd share my private key with whatever extensions there are. It
just doesn't feel right.

------
mtgx
Good to see that E2E has been progressing, but I still wish we had a PFS
alternative to PGP.

With today's hacks and the total state of surveillance in which we are in,
it's a little crazy to expect people to use the same key 10+ years without it
getting compromised. Even a year seems too much.

------
feld
Wait, you have to install a JDK to use this chrome extension?

~~~
lallysingh
No, to build the chrome extension from source.

~~~
feld
oh, thanks for clarifying.

------
drdaeman
Does it use inline PGP or PGP/MIME?

(On an unrelated note, I wonder if there's anything on mobile that supports
PGP/MIME. K-9 Mail only knows about inline.)

------
leni536
I tried to use gnupg but can't wrap my head around the web of trust. My main
concern of WoT: What my signature of an other guy's public key actually means?
My takeaway is that there is an implicit statement that you sign, but I don't
really know what it is. According to the gnupg privacy handbook[1] this
statement is roughly "I trust that this guy can properly sign other stuff"
which is kind of recursive, but I like it.

But when you validate if a message is really written buy a guy named John Doe
then the trust path doesn't actually verify this. The trust path verifies that
this guy who claims to be John Doe is good at signing other guy's keys. I
don't care about that at this point. Of course people don't actually think of
the statement written in the privacy handbook, they implicitly sign the
statement "I trust that this guy can properly trust other stuff _and_ I know
that this guy's name is what he currently has as an ID.". There are several
problems with this in practice:

\- Now you are signing two statements with one signature and you can't
separate the two. Now using anonymous public keys becomes tricky as you lose
one half of your statement.

\- Signing the id happens at the wrong place. Malory can revoke her identity
than push "Barack Obama" as her new id, now she can send messages in the name
of the president. Of course in practice it's hard, because you can't delete
revoked ids from key servers. But at this point you trust the key servers. I
thought that key servers are not trusted part of PGP.

\- gnupg guys advocate key signing parties: you gather at one place, bring
your ID then sign each other's keys. The problem with this that you only
verify half of your statement (id). The other half is tricky to verify (Can
this guy properly protect his priv key? Will this guy just randomly sign
everything he sees?), I think it makes more sense to trust a friend who you
already know well. Of course there are trust levels and I think you should
only use marginal trust at these parties, however I don't know what's the
practice.

\- There are keys that are not tied to people, they are typically tied to
software packages. Now what does it mean when someone signs such a key? Take
putty as an example. Its master key is signed by several people. Each
signature could mean that "this is the putty project's master key that is used
to sign the binaries themselves" which can be verified by the given guy
knowing the developer and that he is trustworthy (at this point PGP is misused
though, the guy should have signed the developer's key instead and only the
developer should sign the binary signing key, but it would make trust paths
longer). It could also mean that "I trust that PuTTY is a great software and
doesn't do anything nasty behind your back" which requires an entirely
different verification.

In the end the trust path a way too simplified projection of these statements
and most likely you can't actually verify the statement that you care about.

[1]
[https://www.gnupg.org/gph/en/manual.html#AEN282](https://www.gnupg.org/gph/en/manual.html#AEN282)

~~~
knz42
\- re. anonymous keys. There is no need for them to be part of the web of
trust. If you really want them there it is then a common requirements for
signatories to require at least a verifiable e-mail address bound to the
person they know and are authenticating. But then arguably it's not very
anonymous any more.

\- re. multiple identities. cross-Signatures in the web of trust are done on
individual identities, not the master key! So if you sign an identity and the
key owner then creates another, that new identity will not carry your
signature.

\- re. key parties: so far it wasn't an issue because it was implicitly
assumed that people attending a key parting were savvy enough to understand
how to sign. For PGP to be democratized the concept of key party needs to
evolve. I personally combine them with a small lecture on PGP use, and say
"you get to sign each other only if you have attended the lecture including
its small practical".

\- re. software keys. These are typically considered as an extension to the
developers' keys. You as a user shouldn't sign those.

~~~
leni536
> it was implicitly assumed that people attending a key parting were savvy
> enough to understand how to sign

It's not only about being savvy though. You trust the person to not misuse
his/her key unknowingly or knowingly. If you only use marginal trust on a key
signing party then it can be mitigated somewhat though. What's the usual trust
level used on such a party?

Edit:

Then the Putty master key is misused according to you:
[https://pgp.mit.edu/pks/lookup?op=vindex&search=0x4F5E6DF56A...](https://pgp.mit.edu/pks/lookup?op=vindex&search=0x4F5E6DF56A93B34E)

