PINDROP BLOG

Google Pushes Encrypted Email System Out Into the World

People have been trying to find a replacement for PGP almost since the day it was released, and with limited success. Encrypted email is still difficult to use and painful to implement in most cases, but Google has just released a Chrome plugin designed to address those problems.

The new E2EMail extension doesn’t turn a user’s Gmail inbox into an encrypted mail client. Rather, it is a replacement that gives users a separate inbox for encrypted messages. The system is built on Google’s end-to-end encryption library, and the company has released E2EMail as an open-source project.

“E2EMail is a simple way for non-technical users to exchange private text mail over Gmail, but is not a fully-featured email or OpenPGP client. It is a Chrome app that runs independent of the normal Gmail web interface. It behaves as a sandbox where you can only read or write encrypted email, but is otherwise similar to any other communication app,” the documentation for the extension says.

“When launched, the app shows just the encrypted mail in the user’s Gmail account. Any email sent from the app is also automatically signed and encrypted.”

E2EMail implements the OpenPGP specification for email encryption, and Google has designed the system to ensure that the plaintext version of the email never leaves the client. The release of E2EMail comes a few weeks after Google announced the release of Key Transparency, a system that can serve as a directory for public keys and other information.

“E2EMail in its current incarnation uses a bare-bones central keyserver for testing, but the recent Key Transparency announcement is crucial to its further evolution. Key discovery and distribution lie at the heart of the usability challenges that OpenPGP implementations have faced. Key Transparency delivers a solid, scalable, and thus practical solution, replacing the problematic web-of-trust model traditionally used with PGP,” KB Sriram, Eduardo Vela Nava, and Stephan Somogyi of Google said in a post announcing the mail extension.

Encrypted email has enjoyed a renewed popularity in the years since the Snowden revelations about NSA surveillance, but many non-technical users have discovered that these systems can be challenging to use. Many companies and independent developers have tried to solve this problem, with the most recent notable example being the relaunch of Lavabit, the encrypted mail service that Snowden used before it was shut down three years ago.

Image: Cairo, CC By license.

Webinar: Call Center Fraud Vectors & Fraudsters Analyzed