gmail-crypt is now “Mymail-Crypt for Gmail™”, download now!

Download: Mymail-Crypt for Gmail™ Chrome Web Store Link

Name Change

There have been a lot of changes to gmail-crypt. Perhaps one glaring difference as the title notes is I have changed the name to “Mymail-Crypt for Gmail™” as part of my push to get the extension available in the Google Chrome Web Store. They seem to be quite concerned about how you use their trademarks, and I believe I have changed it to meet their standards.

Notable Technical Changes

  • The Options page has been revamped to use Bootstrap. There have been a number of changes to how the options appears. I hope it makes it more intuitive.
  • I’ve integrated the most up-to-date version of OpenPGP.js. In this version I have just recently finished some significant pushes to key generation. This means that you can now generate keys with passphrases.
  • I’ve added the ability to Encrypt with/without a signature, and to just sign a message.
  • Lots of bugfixes, general improvement

Security Concerns

I think this software is quite useful but there still are some special concerns in regard to using this software. You should weigh how important these concerns are to you:

  • DO NOT use this on a shared computer. This extension is not (yet) multi-user capable.
  • This release still allows drafts to be uploaded to Gmail servers. Unencrypted drafts could be stored on Gmail servers.
  • Storing private keys in browser. The extension will run under it’s own domain but it might be possible for malicious entities to access it.
  • Password input into the DOM. Currently input for passwords is done directly into the DOM. This means it would be conceivable for gmail to acquire this password. It is important to note that private keys are stored in the context of the extension and not gmail’s context.
  • Cryptographically Secure Pseudo Random Number Generator. OpenPGP.js uses window.crypto.* for random number generation, the quality of this is browser dependent. By definition this should be a good source, but is an externality to consider.

Make sure that you keep backup copies of all the keys you generate. If they’re lost, they’re lost.

TL;DR — There have been a ton of changes that make this extension much more polished. Give it a whirl. Read the Help page for some possible security concerns if that’s your style.

Download: Mymail-Crypt for Gmail™ Chrome Web Store Link
As always, the project page is available here

25 thoughts on “gmail-crypt is now “Mymail-Crypt for Gmail™”, download now!

  1. Hi, while I am thankful for all your work, I am having trouble decrypting. In my test I use the same password that I used to encrypt and I get the following message “Mymail-Crypt for Gmail was unable to decrypt this message.” I can send you a screenshot if you want.

  2. Have the same problem with decrypting my own test messages.
    1. Can not decrypt my test message if there is a common sign like “Oleg Bodarenko ABC Corp., http://www.abc.com“. Works ok only with messages written from a “blank list”.
    2. Can not verify my test message if it was only signed. “Mymail-Crypt for Gmail was unable to decrypt this message.”

    1. Sorry for being slow to reply to this. Can you elaborate on #1? I’m afraid I don’t quite understand.

      #2 is a known issue, that partially comes from OpenPGP.js not supporting all type of signing. I hope to have a better solution for this in the future.

  3. Hi,

    I tried to insert my private key and received the following error message: “Mymail-Crypt for Gmail was unable to read your key. It would be great if you could contact us so we can help figure out what went wrong.”

    Any suggestions.

    Thx in advance

    1. Hm, usually this happens when people generate their key with a program that does things slightly differently than we expect or their key is really old. What program did you use to generate your key? If you can create a sample private/public keypair that exhibits the behavior that would be extra awesome.

  4. Hi!

    Congratulations for your excellent work. It’s great how easy you’ve made email encryption in Gmail 🙂

    I have a little problem. When I sign (or receive signed emails) I always get the message: “Mymail-Crypt For Gmail was unable to verify this message”. How can I solve it?

    Thank you very much.

    Regards.

  5. Hello:

    When trying to generate a new key, the submit button does nothing. I’m using Chrome version 35.0.1916.114 m and the latest mymail-crypt plugin for it.

    The help says generating the key would take a couple of seconds but I waited several minutes and it didn’t work. Java and javascript are enabled.

    What am I doing wrong?

    Best regards

    Sergio

    1. There was a bug for some users in one of the recent versions that has since been fixed. Is this still an issue for you?

    1. These keys generally are supported, can you provide more information? Are you trying to import public or private key? Can you run

      gpg --list-packets your-key.asc

      and give that output? Can you paste the public key in a gist or here?

      1. Sorry, I should have reply before cause I sorted it out since then (was using a wrong sig) and yes I was able to import the public key.

        1. It works great between gmail accounts however it has no support for public keys… you have to copy and paste a key.. it has no way if importing a key from a public repository –

    1. Under the 3 line menu in the upper right hand side of Chrome, follow “More Tools”, then “Extensions”, from there you can remove any extension you have added to Chrome.

  6. Hi, I have noticed that if you receive a message, and you wish to sign your reply, you will get a error.
    Could this be resolved.
    also generation of keys does not seem to function.
    regards

  7. It works great between gmail accounts however it has no support for public keys… you have to copy and paste a key.. it has no way if importing a key from a public repository

  8. Thank you, it was a great idea to implement PGP in js in Gmail. But due the gmail interface change it’s not working in 2021.

  9. The best features of the Maha168 Slot Site
    Choosing an online gambling site, of course, must be like fine reasons, including having good advance and agreed profitable
    features. In today’s digital era, people can easily build a site and have enough money online gambling game services, but that doesn’t aspire the site will manage to pay
    for the encourage you want.

    Of the hundreds of online gambling sites approachable in Indonesia, the Maha168 site
    will be the answer to all your needs just
    about online gambling games. Through this site,
    you will locate the best online gambling experience that
    you can find in Indonesia. Maha168 is an online gambling site that
    has been chosen by thousands of professional online gambling players in Indonesia.

  10. link to the pure Mabosway sports betting different by registering – Are you looking for an daring and further
    experience in the world of online gambling?

    You have arrive to the right place, because here you can belong to us, the best and most trusted gambling
    site agent in Indonesia!

    We are fortunate to be competent to manage to pay for the best servants to members who
    are always faithful to trust us and create us a gambling
    partner. Therefore, we have prepared various types of fun and popular
    games such as Mabosway sports betting, casino, lottery,
    and others.

    Not unaided that, there are also many promos that we will pay for and of course it is every aimed at the help of
    the members. all the facilities that are pleasing for you next you become
    a supporter here. Here are some of our advantages
    higher than supplementary sites:

    The bump and termination process is quick and accurate
    Members’ personal data and identities are always secure and will not leak to other parties
    Mabosway login, one addict ID that can be used
    for various types of games
    Customer staff who are always ready to put up to you 24/7
    Unlimited Bonuses and Promos
    The best serve supported by years of experience has made Mabosway always trusted by
    its members and earned the title as the best gambling site agent in Indonesia.

  11. There are a lot of bookies in Indonesia who have been irritated to near their businesses since Indonesia adopted
    a enactment that prohibits all forms of gambling. Because of this phenomenon and is supported by technological advances that are unquestionably rapid,
    past later all gambling comings and goings are no longer carried out freely and
    forlorn shaped online such as online soccer betting or online casino.

    Progress is not without challenges, because the easier entry to counsel technology, many irresponsible people begin to undertake advantage.

    Looking for pension by scouting gambling agents and utilizing the fans of gambling off
    guard by scamming, fraud, phishing, etc.

    Different from Us! Our credited site on your own gives members admission to soccer gambling
    and online casino games that have been proven secure and reliable.

    Gambling games from gambling game provider
    sites that we offer, have a categorically fine reputation, both in terms of
    the system and its facilities to customers.

Leave a Reply

Your email address will not be published. Required fields are marked *