WebMail Encryption with Mailvelope

Email encryption is something I’ve always pushed for to whoever is willing to listen! One of the hardest parts when it comes to email encryption is the user factor. Many users just don’t see a need to use a desktop email client just to implement some type of email encryption. Many of us are more familiar with accessing our emails right within our web browser. The problem is that many, if not all, web email providers such as Google, Yahoo and Microsoft fail to implement one of the most popular email encryption methods out there, OpenPGP, into their interface. To put it in simple terms, we currently do not have an integrated method of encrypting and decrypting emails from traditional browsers such as Google Chrome and Firefox. I will leave the theories of why this is to you, the readers, to decide on, but one thing is certain to me. Email encryption is sorely needed in this digital day and age, and the more users demand it, the more pressure we put on the email providers to give it to us. Just because you have nothing to hide does not mean you don’t have a need for email encryption. Just as having “nothing to hide” on your laptop doesn’t mean you are willing to give it up for inspection by some government agency! Well, here in this article, I will go over one of the more promising-looking web browser extensions out there that will allow us to encrypt and decrypt our emails all within our browser!

Mailvelope

At the moment, Mailvelope is only supported for email encryption and decryption with OpenPGP! Email signing and verification is not yet supported, although the developer says that it will be incorporated into the extension in the future. Therefore, if you absolutely require signature signing and verification of emails, Mailvelope will not be your cup of tea. However, please do keep a lookout for this extension because I really believe it has a lot of potential. Also, you can subscribe to the developer’s Twitter account for updates of the extension.

Mailvelope is a browser extension for Google Chrome along with Mozilla Firefox, although the latter is still in development. An early preview version is still available at the time of this writing (version 0.5.5). What sets Mailvelope apart from the few other extensions I’ve tried in the past, and makes it so interesting, is its flexibility. Mailvelope, once installed, is able to work within the Gmail, Outlook, Yahoo and GMX webmail interfaces! Many of the other extensions I’ve tried were locked down to mainly Gmail since it is one of the more popular services. With Mailvelope, you no longer have to worry about which mail service you use! Another neat aspect of the extension is that you can add other services to use with Mailvelope! For example, I have an email account with Fastmail.us, which I believe is operated by Opera. By default, Mailvelope won’t recognize that email service but with a click of a button, I can instantly start encrypting and decrypting emails in Fastmail just like I could with Gmail and Yahoo!

Installation and Configuration

In this article, I will be using Mailvelope within Google Chrome. Installing the extension is as simple as finding it in the Chrome Web Store and installing it like how you would with any other extension! Because I’m such a nice guy, you can find the link to install Mailvelope down below. Hey, that saves you one extra step right?!

You can download Mailvelope from here. For more general information about Mailvelope such as documentation, visit their homepage.

Once installed, the first configuration step is to import our private and public keys into the key ring. Sadly, Mailvelope doesn’t support the import of a previous key ring and so what we need to do here is import each and every single private/public key in your library into Mailvelope. To do so, click on the Mailvelope icon at the top right corner and select the Options setting. Of course by default, your key ring is devoid of any keys:

Empty Key Ring

Mailvelope does include the option of generating your own key pair for you but I already have my own key pair so I have to perform an import.

Generate New Key Pair

If you click on the Import Keys link, you will see a big text box. Here is where you have to manually copy and paste the PGP block text that makes up your private and public keys. You’ll have to do this for each and every private/public key you want to use with Mailvelope. The bad news is that the extension does not allow one to select a .asc key file and import it that way. The good news is that we can at least paste multiple keys within the text box to import multiple keys at once, although you’ll still have to open each key you have in Notepad or a similar text editor.

For each private key you have, you’ll most likely see both the public key portion along with the private key portion. For every recipient public key, you’ll obviously see just the public key portion. What you need to do is copy this block of gibberish text into Mailvelope. Below, you can see that I’ve opened my private key for awbtesting808@outlook.com within Notepad:

Key Blob

Below that part is my private key, which looks similar except it says “PRIVATE KEY BLOCK” instead of PUBLIC. I simply copy this entire text and paste it into Mailvelope as such and click on the Submit button. If everything goes as planned, you should see two green success messages stating that the import process was successful. For the purposes of this demo, I will also import the public key of my other email account, anotherwindowsblog@gmail.com.

Key Import

Import Success

If I head back to my Key Ring section, I can now see that I have my public/private key for my main email account and the public key of the email account I will send encrypted email to.

Key Ring

As far as setup goes, I am now prepared to send encrypted emails to one of my recipients along with being able to decrypt emails sent to me with my private key within Mailvelope!
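An added example (not from the original article or the Mailvelope project): a small Node.js check to run over the text you are about to paste into the import box. It lists each armor block, flags private key blocks, and verifies the armor CRC-24 so a truncated copy and paste is caught. It reads only the armor layer, not the key packets; the function names and sample bytes are constructed for illustration.

```javascript
// CRC-24 used by OpenPGP armor (RFC 4880, section 6.1).
function crc24(bytes) {
  let crc = 0xB704CE;
  for (const b of bytes) {
    crc ^= b << 16;
    for (let i = 0; i < 8; i++) {
      crc <<= 1;
      if (crc & 0x1000000) crc ^= 0x1864CFB;
    }
  }
  return crc & 0xFFFFFF;
}

// Return one record per armor block: its type, size and checksum status.
function listArmorBlocks(text) {
  const re = /-----BEGIN PGP ([A-Z ]+)-----\r?\n([\s\S]*?)-----END PGP \1-----/g;
  return [...text.matchAll(re)].map(([, type, inner]) => {
    const lines = inner.trimEnd().split(/\r?\n/).map((l) => l.trim());
    // Armor headers (Version:, Comment:) end at the first blank line.
    const body = lines.slice(lines.indexOf('') + 1).filter(Boolean);
    const crcLine = body.find((l) => l.length === 5 && l.startsWith('='));
    const data = Buffer.from(body.filter((l) => l !== crcLine).join(''), 'base64');
    const sum = crcLine ? Buffer.from(crcLine.slice(1), 'base64') : null;
    return {
      type,
      isPrivate: type === 'PRIVATE KEY BLOCK',
      bytes: data.length,
      // null = no checksum line; false = text was altered or truncated.
      crcOk: sum && sum.length === 3 ? sum.readUIntBE(0, 3) === crc24(data) : null,
    };
  });
}

// Build an armored block from raw bytes; used only to construct sample input.
function armor(type, bytes) {
  const sum = Buffer.alloc(3);
  sum.writeUIntBE(crc24(bytes), 0, 3);
  return [`-----BEGIN PGP ${type}-----`, 'Version: constructed sample', '',
    bytes.toString('base64'), `=${sum.toString('base64')}`,
    `-----END PGP ${type}-----`, ''].join('\n');
}

// Constructed paste: placeholder bytes, not real key material.
const SAMPLE_PASTE =
  armor('PUBLIC KEY BLOCK', Buffer.from('constructed public bytes')) +
  armor('PRIVATE KEY BLOCK', Buffer.from('constructed private bytes'));

console.log(listArmorBlocks(SAMPLE_PASTE));
```

Any block reported with `isPrivate: true` should only ever be pasted into your own key ring, never sent to a correspondent.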

Sending Encrypted Emails

Mailvelope at this time does not support encryption of attachment files in the emails so please keep that in mind! Want to test Mailvelope? Simply download my public key here (right click, save-as) and send me an email at anotherwindowsblog@gmail.com.

For this quick demonstration, I will log into my test email account, awbtesting808@outlook.com and create a new email to anotherwindowsblog@gmail.com. You can easily see the Mailvelope lock icon right in the area of where I compose my email body. The one area of concern is saved drafts of your emails. Periodically, your email provider will automatically save a copy of the email you are composing to the Drafts folder. This is so you can get back to it at a later point in time. The bad news here is that the saved copy is saved in plain text! Once you send the email though, the Draft copy will be deleted but a cached copy probably still exists on the servers of your email providers.

Also, all encryption and decryption is done locally on your computer using JavaScript.

Lock Icon

Clicking on this icon presents us with a pop-up box allowing us to simply choose which recipients to encrypt the email for. Of course, the drop-down box will only include recipients for which you have added a public key. Here you can see that I’ve selected to include both my sending email account along with the recipient. I chose to do this because Mailvelope doesn’t include an option to automatically encrypt all emails you send with your own public key. Without doing so, you will not be able to re-read the email message within your “Sent” email folder! You can also choose to encrypt the email as HTML or plaintext.

Recipients List

Once I hit the OK button, you’ll see the familiar blob of text that indicates your email has been encrypted!

Encrypted Email

Decrypting Emails

I have now received the encrypted email in my Gmail inbox. Mailvelope automatically recognizes the encrypted message and will allow me to decrypt it as seen below. All I have to do is hover my mouse within the message which will change to a padlock icon, click once and Mailvelope will ask me for the passphrase of my private key. Once that is entered correctly, I can then read the message back in plaintext!

Mailvelope Decrypt

Passphrase

Decrypted

Adding New Pages

As I mentioned in the beginning, what makes Mailvelope so awesome is its ability to allow you to manually add different pages to integrate Mailvelope. In this example, I will quickly and easily show you how to integrate Mailvelope into the Fastmail email service!

First I’ll need to log in to my Fastmail account and compose a new message. Once here, I simply click on the Mailvelope extension icon and select the “Add Page” option setting. Mailvelope will add a new record for the new web page and all I have to do next is hit the “Save changes” button as seen below:

Add Record

Now, when I re-login to Fastmail and compose a message, I see the familiar Mailvelope padlock icon! Although I don’t have a key pair for this email account, I can still send encrypted mail to any recipients I have a public key for due to the Mailvelope extension.

Fastmail Integration

In the End…

As you can see, it doesn’t take much to use the Mailvelope extension in Chrome. This is one of the better OpenPGP browser extensions I’ve found and one that works exactly as advertised. Other extensions either had a problem importing keys or were not able to correctly encrypt the email message. Suffice it to say, there aren’t many OpenPGP browser extensions to begin with but Mailvelope is definitely something I hope will mature and improve over time.

With that being said, there are many things that Mailvelope can improve on. For one, and this is a big one, there must be signing and signature verification. I’d rather wait for the developer to get this right than see something delivered that doesn’t work outright or is broken, but this is one big thing that prevents Mailvelope from being used full time. I believe the developer is also trying to fix the “plaintext draft” issue where prior to sending an email, a draft of that email is saved on the servers of the email provider. I also wouldn’t mind seeing a better way to import public keys rather than doing a manual copy and paste. Finally, I’m sure if this extension takes off, many users will want a better way to mass export/import their keys and settings of Mailvelope to quickly and easily set it up on different machines.

As it stands, Mailvelope is definitely something you should keep an eye on. I’m sure a lot of OpenPGP users out there would love for major email providers to build a native interface that allows users to implement OpenPGP but I’m sure that’s not happening anytime soon! Therefore, we have to rely on extensions and plugins such as Mailvelope to fill in the gap. Once this extension gets more fine-tuned, it would be a huge break for OpenPGP users all over the world who don’t wish to use a dedicated desktop email client such as Thunderbird and Outlook.


Comments

  1. Maneesh Massey says:

    Does Mailvelope support attachments too in this new version ???

  2. Nice one but the problem is the person you are sending the email needs this addon installed on his browser. But I give mailvelope 5 Stars.

    • Hey AJ,

      While that is true, this is no different than requiring the recipient to install a third-party addon in Outlook or Thunderbird to be able to read the email. The reason why we love Mailvelope so much is due to its ease of use compared to browser alternatives. But the main problem as always is that an extra “something” needs to be done in order for the masses to utilize OpenPGP email encryption and that in itself scares people away.

      I have heard of Google actually having a beta to test email encryption in Gmail but I haven’t followed up on it.

  3. Maneesh Massey says:

    Hi,
    I would like to use Mailvelope with Outlook 2013. I installed a digital ID from COMODO into my Outlook account. Now how should I mail the public key from Outlook into Mailvelope and then export my public key from Mailvelope to Outlook so I can encrypt message between the two.
    Thanks.
    Kind Regards,
    Maneesh

  4. Shackrock says:

    How can I open these on iOS 7 native mail app?

  5. They don’t want encryption because they cannot scan your email content for ads if it’s encrypted!

    I am with you. Encryption is just smart.

    • Yes sir! It’s already been going around that the government is collecting billions of emails and possibly phone records per day. Email and voice encryption is definitely something we need to work towards but it seems that we are at the mercy of the “corporations” unless we learn to take actions ourselves.

    • I agree
