[Chrome] Webmail encryption - Mailvelope

Sometime ago I came across this extension, but never tried it. I totally forgot about its existence. Today, while checking something else, I came across it again , and it seems to be evolving well.

Has anyone been using it?

-http://www.mailvelope.com/help


P.S: I searched the forum for mailvelope, but got no results, so if it has been discussed before, I'd appreciate if someone could point me such thread. Thanks.

 

Thanks for the info, I am gonna take a look.

 

I tried this extension few months ago.
I remember that I didn't like the fact that my private keys are stored in/by this app since I don't really know if they are not shared with someone else over the Internet connection.

I prefer GPA for PGP/GPG keys management (store, sign, auth, encrypt/decrypt) with blocked in LnS Internet connection for:

 

By shared, do you mean sent to someone without your consent, such as Mailvelope developer/team?

This being (in this case) a Chromium/Chrome extension, one can use Chromium's built-in flag --host-rules to restrict communications only to the webmail servers. Unless one fears the extension may send an e-mail containing the keys?

 

I doubt it send email which contains both keys. My only one worry is about that you don't really know what information are send to the vendor by using this app.
If you will use mentioned flag it should be ok, but I can't be 100% sure since I haven't tested it.

 

By the way, it's an open source project. Code is available here: -https://github.com/toberndo/mailvelope

It's always a matter of auditing the code.

 

Installed and generated my keys.

Now the only problem is that almost nobody encrypts emails...

 

That's a reality see our internal results regards email encryption at Wilders Encryption Poll
And this is specific community full of privacy and security related people.

 

is this a good program to use?

 

While it is a good tool the private keys are (were?) stored insecurely. You could pull them out of the extensions folder if you have access to the computer (remote shell or other means). It was shown on this episode of hak5:

-http://hak5.org/episodes/hak5-1417-

 

True, but Enigmail does the same thing...EVEN WITH A PORTABLE TB INSTALL IN A TC CONTAINER. You can find all your keys in:

C:\Users\'User Name'\AppData\Roaming\gnupg

And this is with Enigmail using a gpg.exe that *also* resides in the TC container. I just cut and paste the key rings in there every time I open TB...otherwise, I cut and paste them back to the TC container for storage. Maybe the same will work for Mailvelope?

Even then, the pass phrase still protects the secret key - make it good!

PD

 

That would be how I'd use it as well - using TC container. I still haven't done it, because I've been a bit lazy, and so far haven't met anyone using e-mail encryption. But, I have some contacts now that are using, so it's a great reason to finally use the extension.

Hopefully the TC container approach will work just fine.

 

Now I am waiting for the Firefox add-on, which is under development.

Then I will be waiting for a single person using Email encryption...it looks a long way...

 

Then probably you should convince more people to visiting wilderssecurity

 

Mailvelope was storing private keys in plain text if i'm not mistaken. So no password needed.