back to article Browser plugin brings strong crypto to Google webmail

Software developers have released a JavaScript implementation of the OpenPGP encryption message format that allows users to encrypt and decrypt communications within web-based mail services. GPG4Browsers is currently available only as an extension for the Google Chrome browser for integration with Gmail. It works with all …

COMMENTS

This topic is closed for new posts.
  1. Tom 35 Silver badge

    If Google can't read your email anymore

    Will they see to it that the plugin has a fall down the stairs maybe?

  2. Havin_it
    Go

    Public computers

    Mozilla might even have a jump on this. The Firefox Sync system already offers the means to authenticate and download private data to a public machine, and the encryption is implemented in JS client-side. It could conceivably be used as a way of accessing your private GPG keys securely when on the road too, as long as nothing was cached unsafely. Just a thought...

  3. Barney Carroll
    Childcatcher

    JS crypto — just say no

    While Gmail is all HTTPS, and plugins (can) allow relatively sandboxed execution environments, the browser as we know it is simply not the place to handle cryptography. Attack vectors are simply too numerous.

    When I refer to the browser 'as we know it', I'm specifically referring to something which silently and continuously auto-updates, changing its code routinely, and bringing out glitzy interesting features as a priority over solid, safe implementations. I don't know exactly how Chrome's plugin sandboxing works now, but even if I did I wouldn't in a month's time.

    This product brings in some crucial safety belts not addressed specifically in the article below, but it's a good indication of why most people should be suspicious of front-end based security methods:

    http://www.matasano.com/articles/javascript-cryptography/

    Javascript is ubiquitous, ultra-accessible and can run anywhere. Those aren't features you want in the execution of exclusive safety mechanisms.

  4. janimal

    cut n' paste?

    Since you have to import your keys you obviously already have some public key encryption system installed already so what's the point?

    It's really not that hard to encrypt & paste or copy & decrypt is it?

  5. teknopaul Silver badge

    old news

    FireFox pgp plugin has existed for years

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019