gmail-Crypt

gmail-Crypt is my project to bring a simple means of using OpenPGP to gmail, in a way that people could actually use it.

Check out the Project Page or Posts about it.

72 thoughts on “gmail-Crypt”

  1. Dear sirs,

    I have been checking your program and it works great for ASCII texts in Latin, but for non-Latin text (UTF-8), I see that it cannot decrypt the sent emails. How can this be resolved?

    Thanks.

    Walid

    1. Thanks for checking out the extension. I’ve created a new issue to track this on the openpgp.js github. I hope you continue to use the program.

  2. I just started trying Mymail-Crypt for Gmail and when I tried importing my son’s public key there was a problem. I use gpg and importing my keys was fine.

    When I edited the header of his public key, it was then accepted. It was puzzling because I think he is using Mymail to generate the keys.

    Below are the headers. Lines with ‘=’ delimit the headers.

    Did like:

    =========================================
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: OpenPGP.js v0.1
    =========================================

    But didn’t like:

    =========================================
    -----BEGIN PGP PUBLIC KEY BLOCK-----

    Version: OpenPGP.js v0.1
    Comment: http://openpgpjs.org
    =========================================

    Regards,
    ahnkle

    BTW: how might these comments be signed?

    1. That is correct in that there should not be a line space after the header block. I’m not sure why if he is using the Mymail extension that the keys would have this extra line. When Mymail-crypt generates the keys it should not insert that extra line, I have not had this issue reported anywhere else. Do you know if your son has a special install for some reason? No one should really be able to import his public key so I might suggest regenerating a new key.
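
Added example, not part of the original comments and not code from Mymail-Crypt or OpenPGP.js: a structural check for the armor layout discussed in the thread above, following RFC 4880 section 6.2 (BEGIN line, armor headers, one blank line, base64 data, END line). The helper name `checkArmor` and both sample blocks are constructed for illustration.

```javascript
// Added example: structural check of an ASCII-armored OpenPGP block.
// Layout per RFC 4880 section 6.2: BEGIN line, armor headers ("Key: value"),
// one blank line, base64 data, optional "=XXXX" checksum line, END line.
const BEGIN_RE = /^-----BEGIN PGP ([A-Z ]+)-----$/;
const HEADER_RE = /^[A-Za-z][A-Za-z0-9-]*: .*$/;
const BASE64_RE = /^[A-Za-z0-9+\/]+={0,2}$/;
const CRC_RE = /^=[A-Za-z0-9+\/]{4}$/;

// checkArmor is a hypothetical helper name. Returns a list of problems
// (empty when the layout is well formed). The checksum value is not verified.
function checkArmor(text) {
  const lines = text.replace(/\r\n?/g, "\n").split("\n").map((l) => l.trimEnd());
  let i = 0;
  while (i < lines.length && lines[i] === "") i++;
  const first = lines[i] || "";
  // Blog engines and word processors turn "-----" into em/en dashes.
  if (/BEGIN PGP/.test(first) && /[\u2012-\u2015]/.test(first)) {
    return ["BEGIN line uses typographic dashes instead of five ASCII hyphens"];
  }
  const m = BEGIN_RE.exec(first);
  if (!m) return ["no armor BEGIN line found"];
  const problems = [];
  i++;
  // A blank line here ends the header section early, so a strict parser
  // would then try to read "Version: ..." as base64 data.
  if (lines[i] === "" && HEADER_RE.test(lines[i + 1] || "")) {
    problems.push("blank line between BEGIN line and armor headers");
    i++;
  }
  while (i < lines.length && HEADER_RE.test(lines[i])) i++;
  if (lines[i] === "") i++;
  else problems.push("missing blank line between armor headers and data");
  let dataLines = 0;
  while (i < lines.length && BASE64_RE.test(lines[i])) { dataLines++; i++; }
  if (dataLines === 0) problems.push("no base64 data");
  if (CRC_RE.test(lines[i] || "")) i++;
  if (lines[i] !== `-----END PGP ${m[1]}-----`) {
    problems.push("missing or mismatched END line");
  }
  return problems;
}

// Constructed samples: the two header layouts from the comment above, with
// filler base64 that is not key material.
const BODY = "Y29uc3RydWN0ZWQgc2FtcGxlLCBub3QgYSByZWFsIGtleQ==";
const END = "-----END PGP PUBLIC KEY BLOCK-----";
const accepted = ["-----BEGIN PGP PUBLIC KEY BLOCK-----",
  "Version: OpenPGP.js v0.1", "", BODY, END].join("\n");
const rejected = ["-----BEGIN PGP PUBLIC KEY BLOCK-----", "",
  "Version: OpenPGP.js v0.1", "Comment: http://openpgpjs.org", "", BODY, END].join("\n");

console.log(checkArmor(accepted)); // []
console.log(checkArmor(rejected));
```

Running a pasted key through a check like this before import separates layout damage (stray blank lines, dashes rewritten by a web page or editor) from a key format the library does not support.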

  3. I have tried the “Sign” option, and it seems to work. But is there a way to verify if a message has been modified? If I try to decrypt the message I get an error (presumably because it is not encrypted). It is not a deal-breaker, this plugin looks great so far.

    Also, I have copied my keys from Linux to a Windows version of Chrome. Encrypting and Decrypting works fine but I get an orange message saying the message could not be verified. Pardon my ignorance, but is that because the client knows it did not generate the key itself? Do I need to register the key somewhere public?

    Regards, Phil Stephens
    Keep up the good work.

    1. There is currently not a way to verify a message if it just has been signed and not encrypted. This is primarily due to this functionality not being yet complete in the openpgp.js project.

      You do not need to register your key in public somewhere. There seem to be a few issues with getting keys to verify signatures properly, partially due to the fact that the way openpgp allows signatures is quite complicated and can follow multiple different workflows.

      I hope you continue to use the extension and hopefully more signature verification can help resolve your issues.

  4. Would there be any way to remove the password box and have a popup appear only when the encrypt/decrypt button is pressed, I feel it takes space and clutters the email space.

    Another option would be to have the encryption button as a chrome extension button on the browser instead of the gmail interface.

    Some thoughts. Great extension otherwise.

    1. Thanks for the feedback. That’s an interesting idea, the new Gmail compose window doesn’t leave a whole lot of room. I’m in the middle of experimenting with full screen modals for errors, so perhaps passwords could be done there as well. It is slightly more complicated because of the way in which passwords work in OpenPGP, but your point is noted.

      1. Or clicking the encrypt button replaces it by a password field. Type your password, press enter, done.

        Can save some space and only asks for password if you clearly intend to encrypt.

  5. First, thank you for providing this tool!

    Then a suggestion: I miss the option “encrypt to self” in order to be able to read my sent mails later on.
    I guess I could BCC every crypted mail to myself. But I’m not sure if the tool can handle this and also I will forget most of the time. 🙂

    Thanks again,
    Fredl.

    1. This isn’t supported, and unfortunately I don’t think it will be.

      A couple of things you might be interested in though is OTR encryption, which is essentially public key encryption intended for chats (site: http://www.cypherpunks.ca/otr/ ). This is essentially what powers Cryptocat. I don’t know of any extensions for chrome or other integrations that do this for Google Talk.

      Another related interesting concept is an integration that someone forked of my project some time ago on github that was attempting to bring integration to facebook: https://github.com/narenst/gmail-crypt , an interesting idea.

  6. It failed to import PGP Desktop 9.0 and 10.0 keys exported to .asc files, opened in Notepad and the content pasted into the import key window.
    Message is:
    Mymail-Crypt for Gmail was unable to read your key. It would be great if you could contact us so we can help figure out what went wrong.

    -----BEGIN PGP PRIVATE KEY BLOCK-----
    Version: PGP Desktop 9.9.1 (Build 287)

    lQHOBDcSwS0RBADJ2xbBEBDjNp3GrRH+Mc6ysSNyLE5lEuQ0Bn7OVIzvAnBNGIb1

    1. Hmm, I’m not sure what would be causing this. I know a few people have had trouble with PGP Desktop keys. Would it be possible for you to generate a keypair for me to test and send it to me?

    1. By default it is not, it is only encrypted so your recipients can read the message. However, on the Options page under the options tab, there is now the option to also encrypt messages to yourself so that you can then decrypt them later.

  7. noob here with what is probably a stupid question:
    Say I have someone’s public key and they send me an email (encrypted using their private key).
    I have their public key so I can decrypt their msg and read it.
    I then reply and click encrypt – this response is then encrypted using my private key, right? Meaning I have to get my public key to them?

    1. No problem, we all have to learn sometime. Whenever you encrypt a message TO someone you use THEIR public key to do so. You can use your private key to “sign” the data, which they can then use to verify that the message is actually from you.

      Decryption is done by using your private key, because the message is encrypted with your public key.

      When you reply to someone and encrypt a message, it is encrypted using their public key. By default Mymail-Crypt for Gmail will also sign the message with your private key, which means that the person will need your public key if they want to verify the message. Signing is not strictly required to send/read messages, but can verify senders.

      Does that help?

      1. yeah, thanks for that.
        I was a little confused because there didn’t appear to be any way of selecting which public key is used for outbound encryption, but I’m guessing that’s defined by the recipient email address, right?

  8. Thank you very much for creating this! It looks terrific.

    I’m curious about one thing – where do you store the local copy of the private key? Is it protected from potentially malicious code running in the browser? Public key encryption is only safe insofar as private keys are kept safe.

    1. The local keys are stored in the context of the extension, which generally means that other pages can’t access the content. If you’re curious about how this works please see: https://developer.chrome.com/extensions/content_scripts.html

      However, as I think you’re alluding to, you do have to trust your browser. Chrome has a very good history of openly identifying and quickly addressing discovered security issues. If however, you believe that Chrome is not sufficient in this regard you should not use this plugin (or Chrome to use the internet for anything meaningful, really).

    1. You can’t use this with S/MIME. There has been work such as RFC 3156 that attempts to tie S/MIME and OpenPGP together, but currently this project and openpgp.js which powers the cryptography behind it have not done work to directly work with S/MIME.

      Sorry. Hope this helps clear it up for you.

  9. Would it be possible to add an option to change the default encrypt selection for the plugin. I sign messages quite a bit more than I encrypt + sign messages. So saving one click for almost every message would be nice.

  10. Hello.
    I’ve exported my key with ‘gpg -a --export-secret-keys KEYID > file’, copied the contents and pasted them into the box in the ‘my keys’ section and entered the password. But the extension does not accept the key, saying it was not able to read my key.

    The file looks like this:
    -----BEGIN PGP PRIVATE KEY BLOCK-----
    Version: GnuPG v1.4.12 (GNU/Linux)


    -----END PGP PRIVATE KEY BLOCK-----

    Is there any way to debug the problem?

    1. Sorry it’s taken me a few days to reply.

      That entirely depends on how interested you are in debugging and OpenPGP.js 🙂 Usually tracking down these problems is slightly difficult because the key is usually generated in a way that our framework isn’t expecting. Do you know any reason that would be the case?

      Does your public key import properly? If not, can you send it to me? If you have the ability to generate a keypair that doesn’t work, sending it to me is probably the easiest way for me to try and figure it out.

      1. Ohh.. But it says when I try to decrypt own message:
        Mymail-Crypt For Gmail was unable to read your key. Is your password correct?
        Mymail-Crypt for Gmail was unable to decrypt this message.

        1. Hm, that’s tricky. Can you try making a new keypair to test with and if it’s repeatable send me the key? It’s pretty unusual that it would work to import but then not work to decrypt. It’s possible that your key has a weird structure but usually gpg keys are pretty good (that’s what I did a lot of the original testing with).

    1. I had draft save automatically working on the old compose window, but haven’t yet had the time to update that for the new style composition. This is selected in the Options page.

      I hope to have a new version with a bunch of changes and updates soon that will address that. I will post to my homepage (and it will automatically update via Chrome Web Store) when that happens.

    1. Thanks for reaching out to me. Usually when this happens it’s a key version that OpenPGP.js doesn’t support yet. Can you send me your public key? Do you know of any configuration of your key that might make it slightly different than most?

  11. Hi.

    I love your encryption extension for Gmail. However, I do have one problem. My email address is [email protected]. However, Gmail does not care about the dot, and many people know that so they leave it out, resulting in gmail-crypt not recognizing my public key. Is there any possibility that you could make your software ignore dots in the Gmail address as well? There must be other people with the same problem?

    Sincerely,

    Christen Gran

  12. Hi,
    first of all thank you for this great tool and especially thanks for adding the signing to the tool. Unfortunately it does not exactly work as I expect it to work. I can easily press “sign” after composing an email but I am not able to verify the signature after sending the email to myself. Should there be any notification whether the tool was able to verify it? Because when I type my password and hit “Decrypt”, nothing happens to a simply signed mail.
    When I encrypt and sign it after composing, I can easily decrypt it and everything works fine. What am I doing wrong? 🙂

    Thanks in advance!

    1. Yeah, this is a known issue, hopefully I can address it in the not too distant future. Hope the extension serves you otherwise though.

  13. I am a newbie student and have tried reading the posts but don’t understand how you get the public key. So I set up mymailcrypt, which is an awesome utility, but I only have the private key. How do I get the public key? I did a workaround and sent myself an email encrypted and imported the key. Am I just not getting it? I am sorry if this is a stupid question. I am just trying to understand. I guess I am also asking, if I have a friend and I send him an email and it is encrypted, how does he get my public key if he has mymail crypt installed? Thanks for the help in understanding

    1. It’s probably not something you’re doing wrong, but I’m a little unclear what you’re trying to do exactly. If you’re importing an external key it should automatically add your entry to “my keys” and “friends’ keys”. “Friends’ keys” is really just a list of public keys so you should be able to see it there (yes, I am reconsidering the name of this tab).

      As far as sharing, here’s a brief overview of the issues with sharing, but unfortunately might not give you the best answer you were hoping for… Sharing keys with friends is a hard problem to solve. Traditionally, this has been done via “keystores” which are basically a website where you upload your key and look for other people’s keys. Ideally, the way you would get this to them would be through a direct communication that isn’t easily interceptable. We still need to devise a good way to do this.

      1. Thanks root for the explanation. I understand now. My public key is under my keys and I would send that to my friend and he would import it. I tried this out and it works. Thanks for the info and not being too hard on me. I am just understanding the concepts now

        1. No worries. We’re all still learning 🙂 I’m thinking about trying to assemble some materials to help explain a lot of these concepts more easily.

  14. Hi.

    Just installed your extension after it was mentioned in a Danish radio program about internet surveillance.

    I have a suggestion for improving the UX. Entering the password is a pretty important part of the process and the input field is simply not strong enough compared to its surroundings. Giving it a stronger border, color or symbol would make it a bit easier for future users.

    Good work.

  15. I’ve installed the extension and imported private and public keys without any problem. Thanks for that.

    I now have a problem with signing emails. I can encrypt emails, but not sign them. It throws the error “Mymail-Crypt For Gmail was unable to read your key. Is your password correct?”.

    I’ve tested the decryption too, and this works although it throws the error “Mymail-Crypt For Gmail was unable to verify this message.”.

    Do you have any idea why this happens?

      1. The signing/ signature verification in OpenPGP.js is not completely flexible and is currently being overhauled. I’m not sure why Mailvelope doesn’t support signing at all, it could be because of some of these limitations.

  16. When I’m composing a new mail I have three options, Encrypt, Sign and Encrypt+Sign, right? When I just sign the message, is there a way to verify a signed mail? The only button that shows is Decrypt, and it does nothing.

    Excellent app btw.

    1. Yeah, signature verification needs some work, luckily we’re working on that currently, so hopefully before too long this won’t be an issue. Thanks!

  17. We are trying to use this with some people who are using outlook and outlook express for their email clients. We have not successfully accomplished this. Is it because this only works with Gmail accounts using the MyMail-Crypt software? Or are we just not getting something?

    1. Clarify. We are using your extension, but the recipients have to use their work email clients. They are not allowed to use any other clients.

      The outlook users are easily able to get signed/encrypted messages from other senders. I do not know if the senders that are working are using commercial certs or an openpgp type of cert.

      1. Can you verify what exactly they are using for encryption? I believe most Outlook users use S/MIME which is not the same as OpenPGP. This software doesn’t work only with Gmail, but it depends on the people you’re communicating with using OpenPGP as well (GPG, PGP, etc…)

  18. If I’ve generated my own key pair using gpg on the command line, how on earth do I paste an ‘armoured’ version of my private key when I want to import a private key?

    The man page was not very helpful :/

    Thanks

    1. Wow, just realized I missed replying to this. My apologies. In case you haven’t figured it out you probably need to figure out which key to export via:
      gpg --list-keys
      Then you can take that ID (The 8 character hexadecimal value that is before the date for each listed key, something like F49084AA) and feed that into:
      gpg --export-secret-key -a F49084AA
      That will provide you with the key you can use.

  19. Just found mymail-crypt…Like what I see. This is probably a stupid question, but I can’t seem to find the answer. Where can I find the public key for the private key that I generated through the extension.

    I’d like to share this tool with family and a lot of friends, but want to be able to write a tutorial to help them.

    1. Also, sorry for the slow reply. From the list of Extensions (accessed via Tools from the 3-bar options drop down in the upper righthand), you can access the Options for each extension. Within these options you can find your key under “friends’ keys”. I realize this is slightly confusing, it is something I hope to change shortly.

  20. Hi, I installed your extension, but when I go to options / generate new key and fill in all parameters, nothing happens. No key is generated and no line (as in the YouTube video) is displayed under “my private keys”.
    with F12 I discovered this message:
    Uncaught SyntaxError: Unexpected token u openpgp.js:1543
    LocalStorage.read openpgp.js:1543
    What can I do to get this working? many thanks
    carlo

  21. I have tried importing a 4096 bit GPG key, but it simply refreshes the page as if no key were added. Is this common?

  22. Hi
    Thanks for the extension. It isn’t too difficult to install and it works very well.
    BUT attached files are not encrypted?
    Best regards
    Alex

  23. Hey,

    I have the same problem as the first commentator. I’m German and we use these umlauts…
    The encryption is not using UTF-8, I guess.

    Is this in the works?

    Thank you

  24. I want to export the key I created for myself in mymail-crypt so I can create a revocation cert for it. How can I do this?

    Thanks!
