Mymail-Crypt Version 26

I have (finally) pushed a new version of Mymail-crypt for Gmail to the Chrome store (and github).

The extension visually appears and functions very similar to what you’re used, however, it’s got a hugely updated encryption engine underneath.

We’ve been refactoring and improving the Openpgp.js project significantly over the past year. In this version of Mymail-Crypt, I’m incorporating these changes for a better experience.

  • Support for more OpenPGP clients keys — great news if you’ve had trouble with other peoples keys in the past.
  • Better signature verification. There is now a “Verify Signature” button for messages that are signed but not encrypted. If a message is both encrypted and signed, Mymail-Crypt will attempt to verify the signature when you use the “Decrypt” button.

Really, there are a ton of improvements in the encryption library, but most of them are transparent. Now that this has been shipped, there are a number of other visual items and cleanup I’m hoping to turn my attention to.

Let me know if you have trouble migrating, or using the new extension!

24 thoughts on “Mymail-Crypt Version 26

    1. Not in the immediate future, sorry. I’m glad you voice your support though, that helps me prioritize features.

  1. When I try to use the extension in chrome, it does not respond to the encrypt and sign button

    Any thoughts

        1. Apologies, there was a caching issue in the public version for awhile that should now be resolved. Are you still seeing this?

  2. I installed the extension, but when I tell it to verify a signature, it says “No signed, cleartext OpenPGP message was found. Was this message also encrypted?”

    Message source from Gmail below (with email addresses redacted).

    Return-Path:
    From: REDACTED
    Content-Type: multipart/signed; boundary=”Apple-Mail=_3275CE22-F50A-4AD1-BF99-A556C46E343E”; protocol=”application/pgp-signature”; micalg=pgp-sha512
    Subject: Signed with OpenPGP
    Message-Id:
    Date: Sat, 9 Aug 2014 15:42:13 -0700
    To: REDACTED
    Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
    X-Mailer: Apple Mail (2.1878.6)

    –Apple-Mail=_3275CE22-F50A-4AD1-BF99-A556C46E343E
    Content-Transfer-Encoding: 7bit
    Content-Type: text/plain;
    charset=us-ascii

    You should see this as signed and be able to read it. Let me know..

    H

    –Apple-Mail=_3275CE22-F50A-4AD1-BF99-A556C46E343E
    Content-Transfer-Encoding: 7bit
    Content-Disposition: attachment;
    filename=signature.asc
    Content-Type: application/pgp-signature;
    name=signature.asc
    Content-Description: Message signed with OpenPGP using GPGMail

    —–BEGIN PGP SIGNATURE—–
    Comment: GPGTools – https://gpgtools.org

    iQEcBAEBCgAGBQJT5qPFAAoJEKYIyoeNHiRcmJUH/2buEsOOmfv3Y8hrE5v7s7HJ
    TU5UVvgxQ9NX5wUcWUrGI5PXQPH6UIyxcnl1B8vrVL2K0CjolFUbYkHNYLYbIDX/
    aoLbvRda4BPzl7MBZsqiWHgugDGWObdvhVDtOn2mLZlatWICQAJE0dffRIH1L9dD
    zOYzku7AuVBZOhV+CDvfTikV1uPE9SYBCL893XxVWpqlFgPzlOhfSOGALXqErPb+
    b2ca1B3nthXY8CumzDSf1NdNDdUqJzxmEyHp/mbXpQaUtbZwBBjklmR2eusqQR86
    /zFxE0QZc1lh99OeYC6Rr94QnL7nRuL1BQ1KQxrTludEBOOaCNLisBDiEdWB09w=
    =iKH9
    —–END PGP SIGNATURE—–

    –Apple-Mail=_3275CE22-F50A-4AD1-BF99-A556C46E343E–

    1. It looks like this message is missing the following line before the text:
      —–BEGIN PGP SIGNED MESSAGE—–

      That line is required by the protocol to know what text is signed. Did the other person send the entire message?

  3. Thanks. Looks like the code assumes an RFC2440 message and can’t cope with RFC3156 (which superseded RFC2015). Right?

    If so, that’s a shame, because it looks like Apple Mail generates ‘3156 format.

    1. Sorry I missed answering this.

      MIME is RFC 3156. It’s a pretty different approach from OpenPGP/PGP/GPG.

      OpenPGP is RFC 4880 (supersedes 2440).

  4. 1) Thank you for your fantastic Gmail extension
    2) I need your help please!

    I’m using the following for email encryption:

    Web based: Gmail with Mymail-crypt
    Outlook: Gpg4win/GnuPG Outlook plugin
    Android: K9+APG

    I can encrypt, send and decrypt from any of the above to any other of the above, with one exception as follows:

    Encrypt in Outlook using GnUPG—> message encrypts with no errors–>send to Android and Gmail. Android decrypts no problem, Gmail fails with the message below. I know the Gmail public key used to encrypt the message in Outlook is correct, as the same key works fine when encrypting and sending from K9 to Gmail

    No OpenPGP message was found.

    —–BEGIN PGP MESSAGE—–
    Version: GnuPG v2

    hQEMA7JLweNSjpTuAQf6A3Ovuju/VDK2Izf/V0NxuKH87xjr9CAEQ0lFZepy9KoQ
    eu2XHlhylgjl1K8HOI2G9GoL6CLBpfV/d6ihEUtZqVIX4N44JYVkvEdZoPxpOVpe
    ZGX05bLPJHHhFbs4IP7Te5993qbibn41r6tbgxVmYvOD9Xqdl9GVlGSbLUj90YQt
    gx+IoHbeBB5mjnSqNhb7aIaAZpo2OeILc6RalUHjx4lKLD8ICp83pr3OAS43Dini
    BcR1DPli4EjmMBJ4Nu+tfzSbxCAfaKT43xIW1OutodtRzfbTjE1K3Ll2uJrbakqd
    ecV2GXzEWwHxUSGNGTrq8oQGQR+87KpefN34c+pJhIUCDAP+BCHBrPDC2gEP/3yI
    xdadVn7/80PWK0W/wKKsWx/5fUExTpCPmIBVnVYssi1YfBcF+GlhsQbweNMujrqq
    Je1j+ZYcsC/PM/xaspSNr1tUM9ABC+Dlz3w18PTaJZIUDGK3oNCB3YX/OH5PogJl
    g8j2qjBuUdgpOrCTFaKUySKOPhJyts455R188/am/apniLd84kAdU2A39fVh4APs
    O31vOQth85UDDVADpnIvU8o2mYXsMzo8AzpEn3ae7oJ/cDjb0StTgcErMgn0HoLj
    gjYb2u+hJLR2j3kDVipEyRQH7+dVK+kLZk2j+NB8gE+Bdh6zQ1GdU0paYdhSbfqI
    X+O3UVitFg2JQ1Jx2Y2CJWgJII1S1Ppah5ma3bB2rt3/vzSlvExYyz9wdzhhEuNR
    7BPhWPna2ogcZHXwIGaYSQEYdWNvnTJGOk34sa8Va29bpTlQ94tTfOuKc6gFNx8N
    EKoQzyrSPsAHkmHCh6Vx3ygfTKBlCUJL1zaLJkhJpX9iqYqrkjpUx7zz1S8Ip42q
    UAeJIwuyQxBktwWQsngSG8DoSkItGd2+PjcKFqLytuj5jGn4V/Gbs0iK74Y9NiHr
    obId9IT+xSjh/LBYco7HK/6Uco7SKyWMmCTBvtXtZkkgzML+6/XEDdXYiCtTovKf
    9tCZ7g93T/EBhTKp2ziGBLBVDzvBzwAwLYPHGlIi0lIBKlz5N59Swr3qr1Ibvoob
    Pku6K2ycNnWvEW8jOpVrBnPTujgpqE9OxkTESNddV2C1x2ZnUUlHDQNmSSYWBUHj
    jekh/gEGTQiwi2b3IySmYaXY
    =55dU
    —–END PGP MESSAGE—–

    Is there some incompatibility between GnuPG v2 and Mymail-crypt? If so is there a workaround?

    Thanks in advance.

    1. There were some changes to this awhile ago, but I missed replying to this. I’ve added some more flexibility in parsing messages. Let me know if you still see this issue.

  5. If i write a message webased, and gmail automatically saves it to their server how wpuld my message would be sage from google server eyes?

    Because they save the message before sending it…

    1. I can’t se that this extension protect you data because gmail auto save you data before you encrypt you data. This extension have only meaning if the extension block the auto save funktion or encrypt every keyin behinde a cleartxt indput box.

      Funny that the developer not have realize that. Is the extension designed by NSA as a trick?

  6. If you have multiple keys is there a way you can select which key to use for signing when composing an email message? I don’t see this feature. Is there a workaround or is it on the slate to be added as a feature?

    Thanks in advance,

    -Gregg

  7. I’d love to collaborate with you to make this program even better. One of the things I’d like to do is make something like Mymail crypt, but with the NaCl encryption engine, rather than PGP. This would allow users to use a key derived from a password they input rather than a stored PGP key, with great improvement in usability. You can also change keys with each message so the previous ones can no longer be decrypted (forward secrecy).

    All of this is already implemented into SeeOnce (also a Chrome extension, which you can find in the Chrome store), but what’s missing is the integration with Gmail, which can come from the Mymail Crypt code.

    Please drop me an email. Thanks!

  8. Hello,

    I hear many things about Crypting e-mails.

    Google has its own solution Google End-to-End, there are, Mailvelope, mymail-crypt, OpenPGP, GnuPG…
    It seems that most of the solutions doesn’t exist on Android, and you have to use K9+APG, OpenKeychain…
    Both mailvelope and mymail-crypt, does not offer a solution for android…
    And Android solutions don’t offer a Gmail solution…
    What is the problem ? A global solution would be not safe, too centralized, too weak ?

    As lots of web articles/publication are not dated, it is difficult to know what is old or recent news.

    My question 1 is : why is there no global email encryption solution for Gamil and Android whereas/while encryption is a central issue nowadays ?
    My question 2 is : what is the most simple Android solution compatible with mymail-crypt ?

    Thank you Sir
    Please accept, Sir, the assurances of my highest considerations.

  9. It’s virtually unattainable to find skilled individuals On this specific subject matter, having said that, you seem like you determine what you’re discussing! Thanks

Leave a Reply

Your email address will not be published. Required fields are marked *