Digitally Sign & Encrypt GMail Emails

There is an excellent guide on how to digitally sign and encrypt your gmail emails here

This a step by step walk through to give you the ability to fully encrypt your email using your gmail account and strong PGP based encryption. Some users who have google chrome installed have reported installation problems. You may want to uninstall google chrome if you have problems any where during installation.

 

It's funny you posted this as i'm immersed into this area right now in a VM testing. Another you can check out is Comodo Secure Email with free certificates issued from Comodo - http://www.comodo.com/home/internet-security/secure-email.php

Have Gmail & Hotmail setup in Thunderbird 3 using signing and encryption with comodo certificates.

 

Yes, but it doesn't work directly with the GMail interface like FirePGP does. I don't think GMail will ever introduce mail encryption because then they won't be able to scan your emails

 

True - that would benefit those who don't use an email client.

Yeah ~ Snipped as per TOS ~

 

Just trying to test this in a VM to recommend to a few friends but it is not working. Is it my end or gmail issues??. I installed Firegpg extension but not sure if its compatible with firefox 3.6.3.??

 

I use Gmail e-mail encryption all the time with the Enigmail PGP plugin for Thunderbird. You don't have to use FireGPG as Gmail can be configured within e-mail clients.

 

Correct but some people just don't want to bother with an email client.

BTY, i have a question.

Does anyone know a good discussion forum strictly about email encryption

 

Well, finally got this sorted. The gpg.exe isn't installed in the main program files folder but a subfolder called "pub".

Secondly, the firegpg options shown below in the compose window are only there in the firefox 3.5 releases. With the 3.6 versions, you have to highlight the text you wish to encrypt and then access the firegpg options through tools menu in firefox to sign and encrypt.

Could someone enlighten me on what "inline" means??

 

More coffee please - forgot the pic

 

Yes, the GnuPG forums are where you want to go. A lot of real experts (developers, cryptologists, etc.) post there and also answer newb questions about PGP/GPG, how it works, etc. Granted the forums are mostly geared toward the use of the GnuPG software, but other non-GnuPG topics ocassionally arise.

It is mostly deprecated and not recommended. What it means is that you put the signature directly into the message itself like so:

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello world.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----

This is "inline." Again, the preferred way is to go with an attachment, which many e-mail clients do automatically.

 

Thanks chronomatic

My experience is with Comodo Secure Email and as it turns out, is limited as it only recognizes and works with certificates and not keys

Could you expand on why inline is not recommended?? I ask because when i tried to send an encrypted email through the gmail interface using firegpg, it kept throwing me an error and didn't work (encrypt and send the email) until i used "inline".