gmail-crypt is now “Mymail-Crypt for Gmail™”, download now!

Download: Mymail-Crypt for Gmail™ Chrome Web Store Link

Name Change

There have been a lot of changes to gmail-crypt. Perhaps one glaring difference as the title notes is I have changed the name to “Mymail-Crypt for Gmail™” as part of my push to get the extension available in the Google Chrome Web Store. They seem to be quite concerned about how you use their trademarks, and I believe I have changed it to meet their standards.

Notable Technical Changes

  • The Options page has been revamped to use Bootstrap. There have been a number of changes to how the options appears. I hope it makes it more intuitive.
  • I’ve integrated the most up-to-date version of OpenPGP.js. In this version I have just recently finished some significant pushes to key generation. This means that you can now generate keys with passphrases.
  • I’ve added the ability to Encrypt with/without a signature, and to just sign a message.
  • Lots of bugfixes, general improvement

Security Concerns

I think this software is quite useful but there still are some special concerns in regard to using this software. You should weigh how important these concerns are to you:

  • DO NOT use this on a shared computer. This extension is not (yet) multi-user capable.
  • This release still allows drafts to be uploaded to Gmail servers. Unencrypted drafts could be stored on Gmail servers.
  • Storing private keys in browser. The extension will run under it’s own domain but it might be possible for malicious entities to access it.
  • Password input into the DOM. Currently input for passwords is done directly into the DOM. This means it would be conceivable for gmail to acquire this password. It is important to note that private keys are stored in the context of the extension and not gmail’s context.
  • Cryptographically Secure Pseudo Random Number Generator. OpenPGP.js uses window.crypto.* for random number generation, the quality of this is browser dependent. By definition this should be a good source, but is an externality to consider.

Make sure that you keep backup copies of all the keys you generate. If they’re lost, they’re lost.

TL;DR — There have been a ton of changes that make this extension much more polished. Give it a whirl. Read the Help page for some possible security concerns if that’s your style.

Download: Mymail-Crypt for Gmail™ Chrome Web Store Link
As always, the project page is available here

21 thoughts on “gmail-crypt is now “Mymail-Crypt for Gmail™”, download now!

  1. Hi, while I am thankful for all your work, I am having trouble decrypting. In my test I use the same password that I used to encrypt and I get the following message “Mymail-Crypt for Gmail was unable to decrypt this message.” I can send you a screenshot if you want.

  2. Have the same problem with decrypting my own test messages.
    1. Can not decrypt my test message if there is a common sign like “Oleg Bodarenko ABC Corp., http://www.abc.com“. Works ok only with messages written from a “blank list”.
    2. Can not verify my test message if it was only signed. “Mymail-Crypt for Gmail was unable to decrypt this message.”

    1. Sorry for being slow to reply to this. Can you elaborate on #1? I’m afraid I don’t quite understand.

      #2 is a known issue, that partially comes from OpenPGP.js not supporting all type of signing. I hope to have a better solution for this in the future.

  3. Hi,

    I tried to insert my private key and received the following error message: “Mymail-Crypt for Gmail was unable to read your key. It would be great if you could contact us so we can help figure out what went wrong.”

    Any suggestions.

    Thx in advance

    1. Hm, usually this happens when people generate their key with a program that does things slightly differently than we expect or their key is really old. What program did you use to generate your key? If you can create a sample private/public keypair that exhibits the behavior that would be extra awesome.

  4. Hi!

    Congratulations for your excellent work. It’s great how easy you’ve made email encryption in Gmail 🙂

    I have a little problem. When I sign (or receive signed emails) I always get the message: “Mymail-Crypt For Gmail was unable to verify this message”. How can I solve it?

    Thank you very much.

    Regards.

  5. Hello:

    When trying to generate a new key, the submit button does nothing. I’m using Chrome version 35.0.1916.114 m and the latest mymail-crypt plugin for it.

    The help says generating the key would take a couple of seconds but I waited several minutes and it didn’t work. Java and javascript are enabled.

    What am I doing wrong?

    Best regards

    Sergio

    1. There was a bug for some users in one of the recent versions that has since been fixed. Is this still an issue for you?

    1. These keys generally are supported, can you provide more information? Are you trying to import public or private key? Can you run

      gpg --list-packets your-key.asc

      and give that output? Can you paste the public key in a gist or here?

      1. Sorry, I should have reply before cause I sorted it out since then (was using a wrong sig) and yes I was able to import the public key.

        1. It works great between gmail accounts however it has no support for public keys… you have to copy and paste a key.. it has no way if importing a key from a public repository –

    1. Under the 3 line menu in the upper right hand side of Chrome, follow “More Tools”, then “Extensions”, from there you can remove any extension you have added to Chrome.

  6. Hi, I have noticed that if you receive a message, and you wish to sign your reply, you will get a error.
    Could this be resolved.
    also generation of keys does not seem to function.
    regards

  7. It works great between gmail accounts however it has no support for public keys… you have to copy and paste a key.. it has no way if importing a key from a public repository

Leave a Reply

Your email address will not be published. Required fields are marked *