I have (finally) pushed a new version of Mymail-crypt for Gmail to the Chrome store (and github).
The extension visually appears and functions very similar to what you’re used, however, it’s got a hugely updated encryption engine underneath.
We’ve been refactoring and improving the Openpgp.js project significantly over the past year. In this version of Mymail-Crypt, I’m incorporating these changes for a better experience.
- Support for more OpenPGP clients keys — great news if you’ve had trouble with other peoples keys in the past.
- Better signature verification. There is now a “Verify Signature” button for messages that are signed but not encrypted. If a message is both encrypted and signed, Mymail-Crypt will attempt to verify the signature when you use the “Decrypt” button.
Really, there are a ton of improvements in the encryption library, but most of them are transparent. Now that this has been shipped, there are a number of other visual items and cleanup I’m hoping to turn my attention to.
Let me know if you have trouble migrating, or using the new extension!
hi,
seem to be great but
Still no hope to have it in an Extension for Firefox ?
thanx
Not in the immediate future, sorry. I’m glad you voice your support though, that helps me prioritize features.
Glad to hear it. So, as sung by Depeche Mode, it’s just a question of time. 😉 thanx
how is open (www.hacker.co.in)
When I try to use the extension in chrome, it does not respond to the encrypt and sign button
Any thoughts
Have you set up your private key and a public key of someone to send it to? Are you seeing any errors? If you haven’t set up your keys yet, https://www.youtube.com/watch?v=aAXIqnjbc-M should help.
Yep – I set up a private key and public key
Apologies, there was a caching issue in the public version for awhile that should now be resolved. Are you still seeing this?
I installed the extension, but when I tell it to verify a signature, it says “No signed, cleartext OpenPGP message was found. Was this message also encrypted?”
Message source from Gmail below (with email addresses redacted).
Return-Path:
From: REDACTED
Content-Type: multipart/signed; boundary=”Apple-Mail=_3275CE22-F50A-4AD1-BF99-A556C46E343E”; protocol=”application/pgp-signature”; micalg=pgp-sha512
Subject: Signed with OpenPGP
Message-Id:
Date: Sat, 9 Aug 2014 15:42:13 -0700
To: REDACTED
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Mailer: Apple Mail (2.1878.6)
–Apple-Mail=_3275CE22-F50A-4AD1-BF99-A556C46E343E
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=us-ascii
You should see this as signed and be able to read it. Let me know..
H
–Apple-Mail=_3275CE22-F50A-4AD1-BF99-A556C46E343E
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
—–BEGIN PGP SIGNATURE—–
Comment: GPGTools – https://gpgtools.org
iQEcBAEBCgAGBQJT5qPFAAoJEKYIyoeNHiRcmJUH/2buEsOOmfv3Y8hrE5v7s7HJ
TU5UVvgxQ9NX5wUcWUrGI5PXQPH6UIyxcnl1B8vrVL2K0CjolFUbYkHNYLYbIDX/
aoLbvRda4BPzl7MBZsqiWHgugDGWObdvhVDtOn2mLZlatWICQAJE0dffRIH1L9dD
zOYzku7AuVBZOhV+CDvfTikV1uPE9SYBCL893XxVWpqlFgPzlOhfSOGALXqErPb+
b2ca1B3nthXY8CumzDSf1NdNDdUqJzxmEyHp/mbXpQaUtbZwBBjklmR2eusqQR86
/zFxE0QZc1lh99OeYC6Rr94QnL7nRuL1BQ1KQxrTludEBOOaCNLisBDiEdWB09w=
=iKH9
—–END PGP SIGNATURE—–
–Apple-Mail=_3275CE22-F50A-4AD1-BF99-A556C46E343E–
It looks like this message is missing the following line before the text:
—–BEGIN PGP SIGNED MESSAGE—–
That line is required by the protocol to know what text is signed. Did the other person send the entire message?
Thanks. Looks like the code assumes an RFC2440 message and can’t cope with RFC3156 (which superseded RFC2015). Right?
If so, that’s a shame, because it looks like Apple Mail generates ‘3156 format.
Sorry I missed answering this.
MIME is RFC 3156. It’s a pretty different approach from OpenPGP/PGP/GPG.
OpenPGP is RFC 4880 (supersedes 2440).
1) Thank you for your fantastic Gmail extension
2) I need your help please!
I’m using the following for email encryption:
Web based: Gmail with Mymail-crypt
Outlook: Gpg4win/GnuPG Outlook plugin
Android: K9+APG
I can encrypt, send and decrypt from any of the above to any other of the above, with one exception as follows:
Encrypt in Outlook using GnUPG—> message encrypts with no errors–>send to Android and Gmail. Android decrypts no problem, Gmail fails with the message below. I know the Gmail public key used to encrypt the message in Outlook is correct, as the same key works fine when encrypting and sending from K9 to Gmail
No OpenPGP message was found.
—–BEGIN PGP MESSAGE—–
Version: GnuPG v2
hQEMA7JLweNSjpTuAQf6A3Ovuju/VDK2Izf/V0NxuKH87xjr9CAEQ0lFZepy9KoQ
eu2XHlhylgjl1K8HOI2G9GoL6CLBpfV/d6ihEUtZqVIX4N44JYVkvEdZoPxpOVpe
ZGX05bLPJHHhFbs4IP7Te5993qbibn41r6tbgxVmYvOD9Xqdl9GVlGSbLUj90YQt
gx+IoHbeBB5mjnSqNhb7aIaAZpo2OeILc6RalUHjx4lKLD8ICp83pr3OAS43Dini
BcR1DPli4EjmMBJ4Nu+tfzSbxCAfaKT43xIW1OutodtRzfbTjE1K3Ll2uJrbakqd
ecV2GXzEWwHxUSGNGTrq8oQGQR+87KpefN34c+pJhIUCDAP+BCHBrPDC2gEP/3yI
xdadVn7/80PWK0W/wKKsWx/5fUExTpCPmIBVnVYssi1YfBcF+GlhsQbweNMujrqq
Je1j+ZYcsC/PM/xaspSNr1tUM9ABC+Dlz3w18PTaJZIUDGK3oNCB3YX/OH5PogJl
g8j2qjBuUdgpOrCTFaKUySKOPhJyts455R188/am/apniLd84kAdU2A39fVh4APs
O31vOQth85UDDVADpnIvU8o2mYXsMzo8AzpEn3ae7oJ/cDjb0StTgcErMgn0HoLj
gjYb2u+hJLR2j3kDVipEyRQH7+dVK+kLZk2j+NB8gE+Bdh6zQ1GdU0paYdhSbfqI
X+O3UVitFg2JQ1Jx2Y2CJWgJII1S1Ppah5ma3bB2rt3/vzSlvExYyz9wdzhhEuNR
7BPhWPna2ogcZHXwIGaYSQEYdWNvnTJGOk34sa8Va29bpTlQ94tTfOuKc6gFNx8N
EKoQzyrSPsAHkmHCh6Vx3ygfTKBlCUJL1zaLJkhJpX9iqYqrkjpUx7zz1S8Ip42q
UAeJIwuyQxBktwWQsngSG8DoSkItGd2+PjcKFqLytuj5jGn4V/Gbs0iK74Y9NiHr
obId9IT+xSjh/LBYco7HK/6Uco7SKyWMmCTBvtXtZkkgzML+6/XEDdXYiCtTovKf
9tCZ7g93T/EBhTKp2ziGBLBVDzvBzwAwLYPHGlIi0lIBKlz5N59Swr3qr1Ibvoob
Pku6K2ycNnWvEW8jOpVrBnPTujgpqE9OxkTESNddV2C1x2ZnUUlHDQNmSSYWBUHj
jekh/gEGTQiwi2b3IySmYaXY
=55dU
—–END PGP MESSAGE—–
Is there some incompatibility between GnuPG v2 and Mymail-crypt? If so is there a workaround?
Thanks in advance.
There were some changes to this awhile ago, but I missed replying to this. I’ve added some more flexibility in parsing messages. Let me know if you still see this issue.
If i write a message webased, and gmail automatically saves it to their server how wpuld my message would be sage from google server eyes?
Because they save the message before sending it…
I can’t se that this extension protect you data because gmail auto save you data before you encrypt you data. This extension have only meaning if the extension block the auto save funktion or encrypt every keyin behinde a cleartxt indput box.
Funny that the developer not have realize that. Is the extension designed by NSA as a trick?
If you have multiple keys is there a way you can select which key to use for signing when composing an email message? I don’t see this feature. Is there a workaround or is it on the slate to be added as a feature?
Thanks in advance,
-Gregg
I created https://github.com/seancolyer/gmail-crypt/issues/73 to address this issue.
FYI currently it will find a private key that matches the selected email, so if you have multiple email addresses you can send from and keys corresponding to each it should work.
Just curious, what is your usecase for multiple keys per email address?
I’d love to collaborate with you to make this program even better. One of the things I’d like to do is make something like Mymail crypt, but with the NaCl encryption engine, rather than PGP. This would allow users to use a key derived from a password they input rather than a stored PGP key, with great improvement in usability. You can also change keys with each message so the previous ones can no longer be decrypted (forward secrecy).
All of this is already implemented into SeeOnce (also a Chrome extension, which you can find in the Chrome store), but what’s missing is the integration with Gmail, which can come from the Mymail Crypt code.
Please drop me an email. Thanks!
I’ve installed it on a couple of PCs but i can’t seem to find the keys i generated.. anything wrong with it?
Can you direct me to a way of recovering my password? I have the PGP public key as well as the GPG private key.
Hello,
I hear many things about Crypting e-mails.
Google has its own solution Google End-to-End, there are, Mailvelope, mymail-crypt, OpenPGP, GnuPG…
It seems that most of the solutions doesn’t exist on Android, and you have to use K9+APG, OpenKeychain…
Both mailvelope and mymail-crypt, does not offer a solution for android…
And Android solutions don’t offer a Gmail solution…
What is the problem ? A global solution would be not safe, too centralized, too weak ?
As lots of web articles/publication are not dated, it is difficult to know what is old or recent news.
My question 1 is : why is there no global email encryption solution for Gamil and Android whereas/while encryption is a central issue nowadays ?
My question 2 is : what is the most simple Android solution compatible with mymail-crypt ?
Thank you Sir
Please accept, Sir, the assurances of my highest considerations.
Any love for inbox? 🙂
It’s virtually unattainable to find skilled individuals On this specific subject matter, having said that, you seem like you determine what you’re discussing! Thanks