Slashdot Mirror


Encrypt and Sign Gmail messages with FireGPG

Linux.com (Same owners as Slashdot) has a story up about FireGPG and says "Gmail may be an excellent Web-based email application, but there is no easy way to use it with privacy tools like GnuPG. The FireGPG extension for Firefox is designed to solve this problem. It integrates nicely into Gmail's interface and allows you...

30 of 206 comments

  1. The Fascination with Encryption by Ian McBeth · · Score: 5, Funny

    For me, I just like to use it, to make people think I am doing something.
    Keeps the snoops on their toes.

    1. Re:The Fascination with Encryption by Bromskloss · · Score: 5, Funny

      For me, I just like to use it, to make people think I am doing something. Keeps the snoops on their toes.

      I keep them on their toes by acting completely normal, having them looking for steganography.

      --
      Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
    2. Re:The Fascination with Encryption by Bromskloss · · Score: 4, Funny

      Well, have you found the hidden message in the parent post yet?

      --
      Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
    3. Re:The Fascination with Encryption by u8i9o0 · · Score: 4, Funny

      I keep them on their toes by acting completely normal, having them looking for steganography.
      Well, have you found the hidden message in the parent post yet?
      Sorry, there is no hidden message.
      1. You noted that you use encryption when acting normal.
      2. However, you were posting on /. which has been established (quite conclusively) as abnormal behavior.
      3. Since you were not "acting completely normal", it is obvious that you were not employing any encryption scheme.
      4. :)
      5. Profit!
      --
      This is not my sig
    4. Re:The Fascination with Encryption by MyOtherUIDis3digits · · Score: 5, Insightful

      Man, I miss the days when a post like that would have made me laugh and I would have called you a loon...

      --
      Ignore anything I said above, I actually agree with everything you believe - mod accordingly.
    5. Re:The Fascination with Encryption by Warg! The Orcs!! · · Score: 4, Funny

      My wife uses one-time pads but I wouldn't send them in the mail.

      --
      Travelling forward in time at a rate of 1 second per second.
  2. And for the chat by DrYak · · Score: 4, Informative
    And if you want PGP encryption for chat (Gmail's associated GTalk or any other protocol like MSN, etc.) there is Pidgin (formerly Gaim) with plugins:


    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
    1. Re:And for the chat by stinerman · · Score: 4, Insightful

      Note that OTR is "better". From the OTR site:

      How is this different from the gaim-encryption plugin?
      The gaim-encryption plugin provides encryption and authentication, but not deniability or perfect forward secrecy. If an attacker or a virus gets access to your machine, all of your past gaim-encryption conversations are retroactively compromised. Further, since all of the messages are digitally signed, there is difficult-to-deny proof that you said what you did: not what we want for a supposedly private conversation!

  3. I wouldn't think google would like this by kentmartin · · Score: 5, Interesting

    I thought their business model worked on the idea that they could datamine all your email and (among other things) offer you targeted email based on the content therein... this'll screw with that idea...

    "BUY jjhHDJEy6786ERLKLXhdfeprERIOUPewoenOIhgshgrgeyrew now for a low price on Ebay.co.uk"

    1. Re:I wouldn't think google would like this by morgan_greywolf · · Score: 4, Funny

      Nah, they'll just start sending 'Soldier of Fortune Magazine'-type ads at you.

    2. Re:I wouldn't think google would like this by CreatureComfort · · Score: 4, Insightful


      So... you are saying that the NSA has the ability and desire to break every ElGamal 2048-bit length encrypted message it captures with Echelon? I've seen too much of government from the inside to think that any agency operates as well as the NSA FUD would have us believe. Especially when you realize it is far easier and cheaper to make your enemies believe you have super powers than it is to actually develop those super powers, completely in-house with no outside knowledge or help.

      --
      "Unheard of means only it's undreamed of yet,
      Impossible means not yet done." ~~ Julia Ecklar
  4. Re:Nerds with something to hide by morgan_greywolf · · Score: 5, Funny

    I don't understand this fascination with encryption. Why do people use it. Is it because you're hiding something illegal? It's kiddie porn isn't it? Be honest!


    Nope. It's secret terrorist plots to overthrow the tyrannical American Government!

    Oh, wait! I wasn't supposed to say that, was I?

  5. Altered for slashdot by LiquidCoooled · · Score: 5, Funny

    -----BEGIN PGP MESSAGE-----
    Version: GNUPG v0.4.0 (GNU/Linux)
    Comment: Wonderful
    ewurnfi3u834j9few4jf9oewfqvi7y&H*&HAwr8hw78er7hfw8 f7hh4839h47f7e
    wf8943f89jw3r8j9fesajaejro5gvl;rhyklyfp[ult0h43jg8 394g84953jgf84
    fnw98efj89324rtuerjgeiorgtjerilgtjireogniregunreng erniguiregt980
    werj
    -----END PGP MESSAGE-----

    I have nothing more to add

    --
    liqbase :: faster than paper
    1. Re:Altered for slashdot by kypper · · Score: 5, Funny

      You want me to do what with hot grits?

  6. Re:Nerds with something to hide by fluch · · Score: 5, Insightful

    It is just that I don't want anybody to intrude on my privacy. Do you close the envelope of a regular snail-mail letter? If so, do YOU have something to hide??

  7. Re:Nerds with something to hide by joe_cot · · Score: 5, Informative

    I don't actually use it for encryption; I use it for verification.

    Besides encryption, GPG also allows you to sign messages, ensuring that the message is indeed from you, and hasn't been modified after you've signed it. In the Ubuntu Community, this is important for a) verifying messages from developers are real, b) verifying that uploaded packages were created by trusted developers, c) verifying signatures (such as signing the code of conduct).

    While FireGPG is useful, it's not so useful for signing messages; gmail auto-wordwraps messages after you send them, and FireGPG doesn't take that into account. Therefore, unless you wordwrap it yourself, gmail's going to add line breaks, and your signature will be invalid. When I need to sign messages, I either word wrap myself so that gmail doesn't, or send it through Thunderbird using Enigmail.
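
The word-wrap failure described in the comment above, as an added example that is not part of the original comment or FireGPG's code. It hashes the canonical cleartext the way an OpenPGP clear-signature does (SHA-1, matching the `Hash: SHA1` header in the signed post on this page) and shows that a later re-wrap changes the signed bytes unless the text was wrapped before signing. The 72-column wrap width, the sample message and all function names are assumptions made for illustration.

```python
import hashlib
import textwrap

WRAP_COLUMN = 72  # assumption: column where the mail service re-wraps (not from the page)

# Constructed sample message: one over-long line, a blank line, a short line.
SAMPLE = (
    "Package upload for review: please verify this signed message before "
    "acting on it, it was typed as one long line.\n"
    "\n"
    "Regards, dev"
)


def canonicalize(text):
    """Text as hashed for a cleartext signature (RFC 4880, section 7.1): trailing
    spaces and tabs stripped per line, CRLF line endings, no final line ending."""
    return "\r\n".join(l.rstrip(" \t") for l in text.splitlines()).encode("utf-8")


def text_digest(text):
    """SHA-1 of the canonical text. A real signature hashes a trailer as well,
    but any change to these bytes changes that hash too."""
    return hashlib.sha1(canonicalize(text)).hexdigest()


def rewrap(text, width=WRAP_COLUMN):
    """Hard-wrap long lines, as a mail service might after sending. Running it
    yourself before signing is the manual workaround from the comment."""
    out = []
    for line in text.splitlines():
        out.extend(textwrap.wrap(line, width=width) or [""])  # keep blank lines
    return "\n".join(out)


def lines_at_risk(text, width=WRAP_COLUMN):
    """1-based numbers of lines long enough to be re-wrapped."""
    return [n for n, l in enumerate(text.splitlines(), 1) if len(l) > width]


def survives_rewrap(text, width=WRAP_COLUMN):
    """True if the signed bytes are unchanged by a later re-wrap."""
    return text_digest(text) == text_digest(rewrap(text, width))


if __name__ == "__main__":
    print("lines at risk:", lines_at_risk(SAMPLE))
    print("as typed survives re-wrap:", survives_rewrap(SAMPLE))
    print("pre-wrapped survives re-wrap:", survives_rewrap(rewrap(SAMPLE)))
```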

  8. Re:Does not this break GMAIL's business model? by $RANDOMLUSER · · Score: 5, Funny

    If all/most of my messages are encrypted, how will they know, what to peddle to me?
    Aluminum foil. Survival equipment. Wellbutrin.
    --
    No folly is more costly than the folly of intolerant idealism. - Winston Churchill
  9. Say 'no' to gaim-encryption, use OTR by Kadin2048 · · Score: 4, Interesting

    OTR is miles better than the gaim-encryption/pidgin-encrypt. Honestly, I don't understand why they won't just kill it and move to OTR for good; it's a fundamentally better security model for something transient like instant messages.

    Particularly since having two mutually-incompatible encryption packages is a pretty crummy state of affairs; it just means that the few users who do use encryption, are going to be fragmented between incompatible systems.

    OTR probably has the greatest market penetration of any IM-encryption system, outside of corporate clients (Sametime, I think, uses encryption by default, although I don't think it's end-to-end, only client-server, because there they want the ability to intercept on the server), because it's built into the fairly popular OS X Adium client. So there's already quite a few users out there who have software that supports it. If only some of the other IM clients would start building it in by default, rather than making it an optional addon, I think it would quickly gain traction as a de facto standard. (And that would be a good thing, since it's a good system and open source.)

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  10. Re:Nerds with something to hide by SCHecklerX · · Score: 5, Informative

    You are forgetting about authentication. Email is trivial to spoof. If you *always* sign your messages, then when some asshat, say, decides to send an explicitly detailed nastygram to your boss from 'you', it is easy to prove otherwise...

    Or maybe from your secret lover, etc. You get the picture.

  11. Re:Or you can use an actual mail client by Enoxice · · Score: 4, Informative

    Psh, Lynx. Get with the times, man, everyone is using links2 (perhaps links2 -g if they want to be on the bleeding edge).

    --
    Anyone else think the comments just weren't rendering right before they turned off ABP and saw ads?
  12. Re:Nerds with something to hide by brunascle · · Score: 4, Funny

    perhaps because i'd like to send an email from work to my GF with something like "hey wanna fuck tonight?" and i'm not particularly keen on the network guys reading that.

  13. Re:Nerds with something to hide by daeg · · Score: 4, Funny

    Clever. Hiding your kiddie porn encoded in anarchist rants! I'm onto you, buddy!

  14. Works with any textarea, by the way by croddy · · Score: 5, Informative
    This works with any textarea, by the way, not just GMail. Not sure why the summary doesn't mention that.

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    This works with any textarea, by the way, not just GMail. Not sure why the summary doesn't mention that.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)
    Comment: http://firegpg.tuxfamily.org/

    iD8DBQFGZDU/WCKEX KsCq6IRAvAtAJ96BAdus/rVCXS+NxlEbMsDdNxTCgCfe+da
    T yi/KWbgNLQUq/qssCj2YR4=
    =Y2mA
    -----END PGP SIGNATURE-----
  15. Re:Nerds with something to hide by toleraen · · Score: 5, Insightful

    I generally close the envelope of snail mail so the mail doesn't fall out.

    I use security envelopes to obscure the contents of my mail. You probably would want to use that as an analogy instead.

  16. Re:Point & Click Encryption? by Kadin2048 · · Score: 4, Insightful

    Where is the it-just-works email encryption for dummies?

    AFAICT, it doesn't exist. At least not outside of corporate environments. There are lots of companies that have their encryption set up so that it's transparent to non-technical employees, but it's a lot of work for the people who actually make it run. Lotus Notes, for instance, will do public-key cryptography, using company-wide keyservers -- although it's a proprietary algorithm, or was last time I checked. Once you have the infrastructure in place, the users don't have to think much about it, besides clicking 'encrypt and sign' on the emails they want secured.

    I've also heard that within Apple, they use Apple Mail with S/MIME to great effect ... but if you're just a regular user, getting that feature working is a real PITA. (Though admittedly, most of the trouble is because of the certificate authorities.)

    I think the problem with the free encryption tools is that they're still very much a 'hacker's product,' being designed by fairly advanced users, for other advanced users -- or at least, for users who don't have a problem installing extra software in order to communicate securely. This, IMO, is a mistake; in order for an encryption system to be useful, it has to be widely used. And that means getting it into the hands of people who might not even think, in advance, that they want it. There are lots of people who aren't going to go out and download/install encryption software, but if the feature was there, and working, all the time, they'd probably find themselves clicking the 'Encrypt' button quite a bit.

    There's no real reason why encryption can't be built in. It's just that it tends to get viewed as a peripheral, rather than core, feature, in everything except some corporate packages. However, I think that if it was incorporated more widely, it would quickly become a core feature; but getting over that 'chicken and egg' hump is hard.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  17. Re:Nerds with something to hide by Anonymous Coward · · Score: 5, Insightful

    So if you "always" sign your messages, then you can tell off anyone you want as long as you don't sign it. Brilliant!

  18. Won't AJAX textboxes kill this? by biftek · · Score: 5, Interesting

    I haven't used gmail that much, but I was under the impression that it saved drafts of what's in the composition textbox at intervals.

    That data would be all cleartext wouldn't it? Seems a tad risky to me.

  19. Your girlfriend called... by xxxJonBoyxxx · · Score: 5, Funny

    Hey, your girlfriend called. She said she couldn't read the garbled message you sent. However, I passed on your "wanna...tonight" message to her and she said "yes" but I don't think your name came up. So...if you don't mind, I'd like to get out a little early tonight...

  20. Re:Nerds with something to hide by iago-vL · · Score: 5, Funny

    Or maybe from your secret lover, etc. You get the picture.
    It's that Cathy, isn't it? She's always trying to break up Alice and Bob!
  21. Re:Nerds with something to hide by ChrisMounce · · Score: 5, Funny

    Anonymous Coward is hoping to make a fortune on Patent #53892647956403765437856348756438756487563, "Method for tucking the flap inside the envelope".