
Linux.com

Feature

Encrypt and sign Gmail messages with FireGPG

By Dmitri Popov on June 04, 2007 (8:00:00 AM)


Gmail may be an excellent Web-based email application, but there is no easy way to use it with privacy tools like GnuPG. The FireGPG extension for Firefox is designed to solve this problem. It integrates nicely into Gmail's interface and allows you to sign and encrypt not only email messages but also text snippets from any Web page.

As with any other Firefox extension, installing FireGPG is a matter of a few clicks. However, since FireGPG relies on GnuPG, there are a couple of things you have to take care of in order to make FireGPG work properly. First, you have to make sure that GnuPG is installed on your system. You might also want to install a graphical front end to it -- for example, KGpg on (K)Ubuntu -- that you can use to manage keys. Finally, you have to generate the key pair required to encrypt and sign mails and text snippets.

Generating a key pair using KGpg is a straightforward process. Launch KGpg and choose Keys -> Generate Key Pair. In the Key Generation dialog box, enter your name and email address. Select the desired key size; the default 1,024 is strong enough, but stronger keys are also available, if necessary. Next, select the desired algorithm (KGpg supports the RSA and DSA/ElGamal algorithms). Press OK, enter the desired passphrase when prompted, and wait until the utility generates the key pair.

Now you can start using FireGPG.

Since FireGPG integrates tightly into Gmail, using it to sign and encrypt emails couldn't be easier. Simply select the entire message body, or just the part you want to sign or encrypt, and press either the Sign or Crypt button. Enter the passphrase you specified when you created the key pair, then select the key you want to use, and press OK. This signs or encrypts the message or the text selection. Keep in mind that when signing a message, you should choose your own private key, and when encrypting it, you have to use the recipient's public key (you can import it into KGpg using the Keys -> Import Key command).

The FireGPG extension also adds buttons that allow you to manage signed and encrypted messages received from other users. You can use the buttons to easily verify a sender's signature or decrypt a message.

In a similar manner you can sign and encrypt a selected text fragment on any Web page. This can be useful if you want to encrypt the selected snippet before you insert it into an email message or a text document. To do this, simply select the text snippet you want and use the available commands under the Tools -> FireGPG menu to sign or encrypt the selection.

That's all there is to it. Using FireGPG is not particularly difficult, and if you often need to sign or encrypt your Gmail messages, this extension will make your life a bit easier.

Dmitri Popov is a freelance writer whose articles have appeared in Russian, British, US, German, and Danish computer magazines.


Comments

on Encrypt and sign Gmail messages with FireGPG

Note: Comments are owned by the poster. We are not responsible for their content.

Encrypt and sign Gmail messages with FireGPG

Posted by: Anonymous [ip: 69.108.75.103] on January 15, 2008 09:23 PM
I am actually wondering if I've stumbled upon a vulnerability with the firegpg plugin for firefox using gmail. If you are inputting your plain text message into the javascript field in gmail, and let's say your message is a few lines or more, then gmail is automatically going to save a draft of your email - the one you want to encrypt - in plain text. It then saves this copy on its servers thereby circumventing the whole security process! SO what's the point?

#

Encrypt and sign Gmail messages with FireGPG

Posted by: Anonymous [ip: 69.108.75.103] on January 15, 2008 09:35 PM
A follow up to my previous comment: someone posted on the ubuntu forums that gmail uses ssl via https for secure login so all traffic would be encrypted. This may be true for anyone who might want to sniff in the middle, but once at gmail's servers the info is decrypted which allows curious third parties with access to gmail's traffic (i.e. law enforcement or government security agencies) access to such things as a saved draft which are not encrypted outside of the ssl algorithm. Can someone please verify this?

#

Encrypt and sign Gmail messages with FireGPG

Posted by: Anonymous [ip: 65.93.166.69] on February 18, 2008 01:34 AM
Yes, the drafts are a problem. Either write the message in the separate text box and encrypt before pasting it into Gmail's box, or find an extension that stops Gmail's auto draft feature.

#
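The workaround raised in the comments above (encrypt outside Gmail's compose box and paste only the armored text), combined with the article's rule of signing with your own private key and encrypting to the recipient's public key, as an added shell example that is not part of the original article or its comments. It assumes GnuPG 2.1 or later; the addresses and demo keys are constructed, and `seal_message`, `open_message` and `demo_roundtrip` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example: seal a message with gpg before it reaches the compose box,
# so draft autosave only ever stores ASCII-armored ciphertext.

# seal_message RECIPIENT SIGNER  (plaintext on stdin, armored text on stdout)
# Signs with SIGNER's private key and encrypts to RECIPIENT's public key.
# gpg refuses a recipient key whose validity has not been established.
seal_message() {
    gpg --batch --quiet --armor \
        --local-user "$2" --recipient "$1" --sign --encrypt
}

# open_message  (armored text on stdin, plaintext on stdout)
# Fails if decryption fails or the signature is bad.
open_message() {
    gpg --batch --quiet --decrypt
}

# demo_roundtrip: runs both steps with constructed keys in a throwaway
# keyring (hypothetical demo helper; it never touches your real keyring).
demo_roundtrip() (
    GNUPGHOME=$(mktemp -d) || exit 1
    export GNUPGHOME
    trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT

    # Unprotected demo keys; real keys should carry a passphrase.
    for uid in alice@example.org bob@example.org; do
        gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
            --quick-generate-key "$uid" 2>/dev/null || exit 1
    done

    secret='constructed plaintext: meet at noon'
    armored=$(printf '%s\n' "$secret" |
        seal_message bob@example.org alice@example.org) || exit 1

    # What a saved draft would contain: armor only, no trace of the plaintext.
    case $armored in '-----BEGIN PGP MESSAGE-----'*) ;; *) exit 1 ;; esac
    case $armored in *"$secret"*) exit 1 ;; esac

    # The recipient's side: decrypt and check the signature.
    printf '%s\n' "$armored" | open_message 2>/dev/null
)
```

In real use, call `seal_message` against your own keyring and paste only its output into the Gmail compose window.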

Auto-save

Posted by: Anonymous [ip: 138.104.36.1] on March 11, 2008 09:59 AM
