« Another PodSafe site!?
A joke »

GPG with GMail?

I’m facing this “problem” for a long time now. How to effectively use GPG encryption/signing with gmail/webmail?

Well, one solution is to use a POP/IMAP program to fetch the mail from the server and decrypt/sign-check it locally (if possible inside the mail program). This is quite common, but where is the point of having webmail if you need local program to use it?

So, what are the other options?
1. Have GPG-magic happen on the server-side
2. Have GPG-magic happen locally, through browser.

Obviously first option is no more safe as plain text emails. Trusting someone, let alone ISP, with your gpg secret key is like replying to penis enlargement spam - you get f*cked!
Besides that, encryption/decryption is not exactly the most CPU saving process and ISPs probably couldn’t bare the load.

So, it should be user/browser-side based, keys stored locally and gpg running on local CPU.
The problem with this is that there is no browser out there that includes such a functionality! Is it really that hard to use some JavaScript to handle the text and some system calls to handle the keys and encryption?

Oh, wait, this is not so hard at all! Actually, it has already been done! And it works with a Mozilla program! Thunderbird’s Enigmail is just that - some JS and XUL wrapped arround system calls to gpg! And it’s in a shape of an extension. And what else uses extensions? Mozilla Firefox! And what is Firefox? A browser! And can interact with WebMail! Eureka! :)

So, how come no one “ported” Enigmail extension to Firefox? Is it really so hard? Is it really so different? Is it really so impossible to use a focused text field as input source, display some dialogs with XUL (just as in TB), pass everything to external gpg binary and then its output back to that focused text field?

I’m no JS/XUL/Mozilla hacker and I don’t know nothing about extensions and how they work, but… is it really so hard?

This entry was posted on Wednesday, January 18th, 2006 at 04:26 and is filed under Programming, Web. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

12 Responses to “GPG with GMail?”

  1. Tim Kersten Says:
    January 28th, 2006 at 00:12

    Totally agree!!! Surely it can’t be that hard. There’s already an extention for firefox that adds a delete button to the gmail interface. Can it be that had to then integrate enigmal into the gmail interface?
    I would love to do it myself, but college and work are taking too much time, so I don’t have enough time to learn XUL properly. Hail to the hero who modifies enigmail and plasters it onto the gmail interface!!!

  2. aklis Says:
    February 8th, 2006 at 11:11

    I think that greasemonkey could be useful :/. Just wait…

  3. dana Says:
    February 9th, 2006 at 21:07

    Yeah… No shit. I emailed a feature request to google in the meantime… I need this yesterday.

  4. genital warts Says:
    February 16th, 2006 at 21:17

    Great post, I’ve always wondered about that.

    Thanks!

  5. Swe3tDave Says:
    May 13th, 2006 at 17:57

    There is an encryption plugin for firefox: Gmail S/MIME, maybe it could be modified to use GPG?

    http://richard.jones.name/google-hacks/gmail-smime/gmail-smime.html

  6. Uros Says:
    May 18th, 2006 at 10:35

    Thanks for the link! :)

    I’ll look into it.

  7. Dan Kurtz Says:
    June 27th, 2006 at 07:29

    Summer of code to the rescue! (eventually)

    http://code.google.com/soc/shmoo/appinfo.html?csaid=5A57C4E0F2ED21E9

  8. tg Says:
    July 1st, 2007 at 16:35

    In case you haven’t found it within the past year, try http://firegpg.tuxfamily.org/

  9. Tom Says:
    July 7th, 2007 at 11:49

    Thanks tg!

  10. John Doe Says:
    August 12th, 2007 at 13:06

    props tg!

  11. Niels de Vos Says:
    December 11th, 2007 at 15:03

    Way to go tg: FireGPG it is!

  12. tom Says:
    September 8th, 2008 at 09:26

    Go for Firefox add ons, search FireGpG That works and is tested to be fully integrated.

    Tom

Leave a Reply