FireGPG is a Firefox addon that allows you to encrypt Gmail messages and send encrypted email from Gmail with ease. It uses GnuPG, which is a program that utilizes public-key cryptography for securing the messages. Public-key cryptography is probably the most widely used method for securing data, as it is quite effective when used properly.
Public-key cryptography makes use of public and private key pairs for encrypting and decrypting data. Anyone can encrypt a message with a public key, but only the private key can be used to decrypt it. NEVER give your private key to anyone else. DO give your public key to others if you wish for them to send you encrypted messages.
In order for you to encrypt Gmail email and send encrypted messages to others, you must use the recipients’ public keys so that they will be able to decrypt the messages. If you are interested in establishing secure email communications with others, you will want to direct them to this article if they are unfamiliar with PGP.
Before installing the FireGPG addon, you will first need to download the proper GnuPG binary for your operating system and install it. After you’ve downloaded and installed GnuPG, you can then download and install FireGPG. Once you’ve installed both, launch Firefox and log into Gmail.
First, you will need to import your friends’ public keys. You can do this with the FireGPG Key Manager. You can launch the key manager from the Firefox menu bar if you navigate to Tools > FireGPG > Key manager.
The easiest option is to just import from a key server, if your friend has uploaded his public key. Let’s say his email address is firstname.lastname@example.org. In a real search, you would only get one result (more if your friend has created more than one public key), but here’s what the search results for email@example.com look like:
Once you’ve imported your friend’s key, you can send him an encrypted message. You should probably also generate your own public key and upload it to the server, so that he will be able to respond to you with encrypted messages as well.
You can create your own public/private key pair by clicking the New key button in the Key manager. Enter all of the pertinent information, and choose a strong password. Choose something you can remember without writing it down, but not something that someone else would be able to figure out. Including numbers and symbols is a good idea as well.
Once you have your friend’s public key and your own public/private key, you are ready to send an encrypted message. Visit Gmail, compose a message as you would normally, and before you submit it, be sure the lock image is colored (not gray). If it is gray, click the Encrypt link to enable it.
Although it isn’t required, it is a good idea to sign the message as well. Your friend can confirm the message came from you by verifying its signature with your public key. A valid signature can only be created with a private key and verified with the corresponding public key.
Click Send. If you chose to sign the message, you will be prompted to provide the password for your private key. Your friend will receive your message and should be able to decrypt it with his private key and password.
Please note that if Gmail autosaves a message while you are composing it, the draft is placed onto Google’s servers. While residing there, it will not be encrypted.
If this concerns you for any reason and you want to take extra precautions, there is an option in FireGPG to disable Gmail’s autosave feature. From the Firefox menu bar, navigate to Tools > FireGPG > Options and go to the Gmail tab.
Alternatively, if you do not want to disable autosave you can use FireGPG’s text editor to compose the message. After composing the message in the text editor, you can then sign, encrypt, save it to the clipboard, and paste it into the Gmail message composition box.
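The same flow (generate keys, exchange public keys, sign and encrypt outside the browser, paste only the armored text) run with GnuPG directly, as an added example that is not part of the original article. The alice/bob addresses, the message and the helper names g and sign_encrypt_demo are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: throwaway keyrings for a sender (alice) and a recipient
# (bob). The keys have no passphrase only so the demo runs unattended.

g() {  # run gpg non-interactively against one of the throwaway keyrings
    home=$1; shift
    gpg --homedir "$home" --batch --quiet --pinentry-mode loopback \
        --passphrase '' "$@"
}

sign_encrypt_demo() {
    work=$(mktemp -d) || return 1
    a="$work/alice"; b="$work/bob"
    mkdir -m 700 "$a" "$b" || return 1

    # Each side generates its own public/private key pair.
    g "$a" --quick-generate-key alice@example.com 2>/dev/null || return 1
    g "$b" --quick-generate-key bob@example.com 2>/dev/null || return 1

    # Only public keys are exchanged; private keys never leave their keyring.
    g "$b" --armor --export bob@example.com | g "$a" --import 2>/dev/null
    g "$a" --armor --export alice@example.com | g "$b" --import 2>/dev/null

    # Sender: sign with alice's private key, encrypt to bob's public key.
    # --trust-model always skips the ownership check for this demo; with real
    # keys, compare fingerprints with the owner before relying on a key.
    ARMORED=$(printf 'Meet at noon.\n' | g "$a" --trust-model always --armor \
        --sign --encrypt --recipient bob@example.com) || return 1

    # Recipient: decrypt with bob's private key, verify with alice's public key.
    STATUS=$(printf '%s\n' "$ARMORED" | g "$b" --trust-model always \
        --status-fd 1 --output "$work/plain.txt" --decrypt 2>/dev/null)
    PLAIN=$(cat "$work/plain.txt" 2>/dev/null)

    gpgconf --homedir "$a" --kill gpg-agent 2>/dev/null
    gpgconf --homedir "$b" --kill gpg-agent 2>/dev/null
    rm -rf "$work"

    case $STATUS in *"[GNUPG:] GOODSIG "*) ;; *) return 1 ;; esac
    [ "$PLAIN" = "Meet at noon." ]
}

sign_encrypt_demo && printf '%s\n' "$ARMORED"
```

The printed block is the only text that would go into the Gmail composition box, so an autosaved draft holds ciphertext rather than the message.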
What do you think of FireGPG? What other tools do you use for sending encrypted emails with Gmail?