Secure email could be the Holy Grail of our digital times.
Google has just released an email encryption tool in the form of an “alpha” Chrome extension. End-To-End should help the less geeky among us encrypt, decrypt, digitally sign, and verify signed messages within the browser. It follows the OpenPGP standard. The Chrome extension is Open Source (under the Apache 2.0 license) and is available as an alpha version now.
Do note that it is not available in the Chrome Store yet, but the code is available for testing by the online community.
The working is uncomplicated sans the glamour of the cloak and dagger stuff. Any email sent from any online email program on the Chrome browser will be encrypted until the message’s intended recipient decrypts it. Similarly, any encrypted messages sent to you will remain that way until you decrypt them in your browser. End-To-End is meant for everyday use by normal folks who could be scared off by the more technical encryption tools.
While end-to-end encryption tools like PGP and GnuPG have been around for a long time, they require a great deal of technical know-how and manual effort to use. To help make this kind of encryption a bit easier, we’re releasing code for a new Chrome extension that uses OpenPGP, an open standard supported by many existing encryption tools.
End-To-End will give emails an added layer of security. It also coincides with the launch of Reset The Net, an anti-snooping public campaign supported by Google and other tech companies.
Google says that only the body of the email will be encrypted, not the email subject line and list of recipients. Google is relying on the user community to test the code and plug any holes. To that effect, it is using its Vulnerability Reward Program as a financial carrot for security developers who find any bugs.
End-To-End could cramp hackers and privacy threats. But will it stop the NSA in its tracks? Probably not in the long run (heard about the Quantum Computer?), but it could stretch their resources and require a massive jump in terms of effort from current snooping programs.
Source: Google Online Security Blog