As of Firefox 3.6.4 I appear to have this working again although it isn't 100% in terms of looks. However, in terms of functionality it is back in operation again!
Right click here if you know Greasemonkey and are in a hurry. Otherwise, read on a bit more...
So, you like using Gmail, but don't want other people to be able to read your email? You are probably not alone and that is where the Gmail Encryption extension enters the picture.
This is a Greasemonkey script. If you don't have it or don't know what it is, then head over to the Greasemonkey site and install that first. If you are not using Firefox, then I believe there are methods out there to help you use these scripts with other browsers, but I don't know what they are.
First time Greasemonkey users: After you have installed Greasemonkey, then come back to this page and right click on the script. The first menu option allows you to install the script.
There is now an Encrypt This! Firefox extension of this script where you can encrypt and decrypt any text.
There is now a standalone version of this script where you can encrypt and decrypt any text without the use of Greasemonkey.Some History
Originally I planned on using the Solitaire encryption algorithm devised by Bruce Schneier for the book, Cryptonomicon, written by Neal Stephenson. (As an aside, I heartily recommend this book.) However, this method has a couple of drawbacks when used to exchange regular emails rather than keeping spies safe in hostile territory.
Simple explanation and demo of public key encryption
More detailed RSA explanation - Great hand examples
Source of my AES Code
Hex to Decimal conversion
Example of the encryption in action
Text about to be encrypted:
After the encryption:
Before sending or receiving encrypted emails, you will need to create public and private keys. Key Generation is available here as well. Note that when using the script you will need to use the full key generated. E.g. paste or type pub:101:11 or priv:123:9 into the appropriate input boxes.
The subject of the email is not encrypted so it is probably not a good idea to put vital information in there.
As far as performance is concerned; I tested this with an email of 1000 characters and it took slightly less than 1 second to encrypt. Decryption took approximately 1.5 seconds. (I didn't bother writing in any timing events - this was a pure wristwatch event.)
It would be polite to decrypt an email before typing your reply and then encrypting everything again. That way the recipient will be able to read the email fully. However, this approach might have security implications that I am not aware of.
If you want to, then it is possible to use only the AES encryption by uncommenting the appropriate sections inside the script.
There is theoretically nothing preventing this script from being adapted for use with any webmail system. All that would be needed are the ID's of the various DOM elements contained within your webmail page. If somebody is interested in tackling this, then please feel free to do so. I would like a note so that I could link to your modified script from this page.
Known issues at this time: You must hit the reply button to decrypt the emails you receive.
Unfortunately the Decrypt / Encrypt buttons appear in the reading pane where they have no effect.
This script does not appear to work with versions of Firefox below 1.5.
|1.10||2010/06/25||Restored functionality again under Firefox. Chrome is not working at this point.|
|1.04||2006/12/14||AES Encryption needed more variables initialised for Firefox 2.0.|
|1.03||2006/06/04||Formatted text was losing the first line during decryption.|
|1.02||2006/06/01||Bug fix in RSA decryption routine. This prevented some emails from being decrypted after a change to the Gmail site layout.|
|1.01||2006/04/03||Minor Bug fix in AES decryption routine. This prevented some emails from being decrypted.|