
As of Firefox 3.6.4 I appear to have this working again although it isn't 100% in terms of looks. However, in terms of functionality it is back in operation again!
Right click here if you know Greasemonkey and are in a hurry. Otherwise, read on a bit more...
So, you like using Gmail, but don't want other people to be able to read your email? You are probably not alone and that is where the Gmail Encryption extension enters the picture.
This is a Greasemonkey script. If you don't have it or don't know what it is, then head over to the Greasemonkey site and install that first. If you are not using Firefox, then I believe there are methods out there to help you use these scripts with other browsers, but I don't know what they are.
First time Greasemonkey users: After you have installed Greasemonkey, then come back to this page and right click on the script. The first menu option allows you to install the script.
There is now an Encrypt This! Firefox extension of this script where you can encrypt and decrypt any text.
There is now a standalone version of this script where you can encrypt and decrypt any text without the use of Greasemonkey.
Some History

More info: Solitaire Encryption | Cryptonomicon
Originally I planned on using the Solitaire encryption algorithm devised by Bruce Schneier for the book, Cryptonomicon, written by Neal Stephenson. (As an aside, I heartily recommend this book.) However, this method has a couple of drawbacks when used to exchange regular emails rather than keeping spies safe in hostile territory.
With this in mind, I decided to go with public key encryption. I have implemented an RSA-type scheme in JavaScript. Naturally this is somewhat more cumbersome in Greasemonkey as the entire scheme needs to live together inside one large file. This, however, solved a number of issues I had with the Solitaire idea.
Public key encryption has one major problem and it is especially noticeable in a scripting language like JavaScript. It needs a lot of horsepower, especially on the decryption side! So to prevent your machine grinding to a halt if you want to send emails longer than one character, for example, the actual message is encrypted using AES. The keys to AES are then encrypted using RSA. That gives the receiver a small amount of RSA decryption to work through and the bulk of the decryption then takes place using AES, which is much less processor intensive.
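The hybrid scheme described above, as an added example that is not code from the script itself: it uses Node's built-in `crypto` module rather than the script's own RSA and AES routines. The 2048-bit RSA-OAEP key wrap, AES-256-GCM, the colon-separated base64 envelope and all function names are assumptions made for illustration; the page does not state the script's key sizes, modes or message format.

```javascript
const nodeCrypto = require('crypto');

// Recipient's key pair. 2048-bit RSA is an assumption; the page gives no key size.
function makeKeyPair() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender: encrypt the body with a fresh AES key, then wrap that key with RSA.
function encryptMail(publicKey, body) {
  const aesKey = nodeCrypto.randomBytes(32);   // one-time 256-bit message key
  const iv = nodeCrypto.randomBytes(12);       // 96-bit GCM nonce, unique per message
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const ct = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt(
    { key: publicKey, padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    aesKey);
  // Only the small wrapped key is RSA ciphertext; the rest is AES output.
  return [wrappedKey, iv, cipher.getAuthTag(), ct].map(b => b.toString('base64')).join(':');
}

// Receiver: one RSA operation recovers the AES key, then AES handles the bulk.
function decryptMail(privateKey, envelope) {
  const parts = envelope.split(':');
  if (parts.length !== 4) throw new Error('malformed envelope');
  const [wrappedKey, iv, tag, ct] = parts.map(p => Buffer.from(p, 'base64'));
  const aesKey = nodeCrypto.privateDecrypt(
    { key: privateKey, padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', aesKey, iv);
  decipher.setAuthTag(tag);
  // final() throws if the ciphertext or tag was modified in transit.
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Returns true when a modified envelope is rejected instead of decrypted.
function rejectsTampering(privateKey, envelope) {
  const parts = envelope.split(':');
  const ct = Buffer.from(parts[3], 'base64');
  ct[0] ^= 1;                                  // flip one bit of the body ciphertext
  parts[3] = ct.toString('base64');
  try { decryptMail(privateKey, parts.join(':')); return false; } catch (e) { return true; }
}
```

However long the email is, the RSA step only ever processes the 32-byte AES key, which is why the receiver's public key work stays small.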
Before sending or receiving encrypted emails, you will need to create public and private keys. Key Generation is available here as well. Note that when using the script you will need to use the full key generated. E.g. paste or type pub:101:11 or priv:123:9 into the appropriate input boxes.
Due to the fact that JavaScript cannot handle stupendously large numbers in a timeous fashion, even with the BigInt functionality, this encryption is not bulletproof. This routine will conveniently encrypt your emails well enough to prevent your coworker and probably your employer from reading your emails. However, if you decide to annoy somebody working for the NSA then DO NOT be surprised if some bulky guys pull up at your front door in a black SUV. On the other hand, if everybody encrypted the bulk of their emails on a regular basis then they would probably have a hard time keeping up with the cryptography as well. (If you want to be more secure then encrypt your text using something like PGP and then copy and paste it in the email.)
The subject of the email is not encrypted so it is probably not a good idea to put vital information in there.
As far as performance is concerned, I tested this with an email of 1000 characters and it took slightly less than 1 second to encrypt. Decryption took approximately 1.5 seconds. (I didn't bother writing in any timing events - this was a pure wristwatch event.)
It would be polite to decrypt an email before typing your reply and then encrypting everything again. That way the recipient will be able to read the email fully. However, this approach might have security implications that I am not aware of.
If you want to, then it is possible to use only the AES encryption by uncommenting the appropriate sections inside the script.
There is theoretically nothing preventing this script from being adapted for use with any webmail system. All that would be needed are the IDs of the various DOM elements contained within your webmail page. If somebody is interested in tackling this, then please feel free to do so. I would like a note so that I could link to your modified script from this page.
Known issues at this time: You must hit the reply button to decrypt the emails you receive.
Unfortunately the Decrypt / Encrypt buttons appear in the reading pane where they have no effect.
This script does not appear to work with versions of Firefox below 1.5.
| Version | Released | Comments |
| Current | - | Latest Version |
| 1.10 | 2010/06/25 | Restored functionality again under Firefox. Chrome is not working at this point. |
| 1.04 | 2006/12/14 | AES Encryption needed more variables initialised for Firefox 2.0. |
| 1.03 | 2006/06/04 | Formatted text was losing the first line during decryption. |
| 1.02 | 2006/06/01 | Bug fix in RSA decryption routine. This prevented some emails from being decrypted after a change to the Gmail site layout. |
| 1.01 | 2006/04/03 | Minor Bug fix in AES decryption routine. This prevented some emails from being decrypted. |
| 1.0 | 2006/03/19 | Initial Version |